INTELLILINK Smartphone Application Diagnostic Service for E-commerce

Various security incidents are occurring due to the development in short period and not using appropriate security features for smartphone applications, in which the emphasis is on the service-in and releasing new features and development speed is required.

INTELLILINK Smartphone Application Diagnostic Service proposes countermeasure policy and provides advice on improvements necessary to take appropriate management measures for personal and confidential information on individual terminals that are difficult to be controlled by administrator.

Main causes leading to security incidents and impact

If a vulnerability exists in a smartphone application, it may not only trigger various security incidents such as leakage of personal or confidential information, but also affect a social credibility and corporate image of the company.

Risks faced by smartphone applications

Because smartphones have risks different from those of servers, measures unique to smartphone applications are required.

Prepared by NTT DATA INTELLILINK Corporation based on the
"Android Application Secure Design/Secure Coding Guidebook" [September 1, 2018 Edition] by Japan Smartphone Security Association

*The Android Robot is copied or modified from a work created and provided by Google and used in accordance with the conditions set forth in the Creative Commons Attribution 3.0 License.

Examples of threats and vulnerabilities handled by smartphone application diagnostic service

Smartphone applications have various factors and weaknesses that can lead to the leakage of confidential information such as personal data.

Examples of threat

• Communication is intercepted or tampered by man-in-the-middle attacks
• Critical information leaks due to weak encryption
• Development back-door or debugging functionality is misused
• Authentication features such as password lock are bypassed

Examples of vulnerability

• Failure to validate SSL/TLS server certificate
• Insufficient encryption of confidential data
• Debugging function for development is enabled
• Authentication function can be bypassed

Smartphone application diagnosis identifies the risk of information leakage

Features of INTELLILINK Smartphone Application Diagnostic Service

Smartphone Application Diagnosis

• We inspect for problems according to our own inspection items extracted from the OWASP (Open Web Application Security Project) Mobile Top 10 and the OWASP Mobile Testing Guide.
• We conduct static and dynamic analysis for highly accurate inspection.
• Based on the inspection results, we report problems accurately and precisely.

Briefing

• For each vulnerability, we provide examples of preconditions and attack techniques and determine the degree of risk in the event of damage.
• We propose countermeasure policy and provide advice on improvements.

Benefits from INTELLILINK Smartphone Application Diagnosis

• The risk of personal information leakage and associated damages can be reduced.
• By clarifying the extent of impact and the degree of risk from the problem, effective improvements can be carried out by assigning priorities.
• A precise improvement policy can minimize the time and cost required for improvements.

Flow of INTELLILINK Smartphone Application Diagnostic Service

*This service is registered under "Information Security Service Standards Examination and Registration System" by the Japan Security Audit Association (JASA), a non-profit organization, which conducts the audit and registration.