1
00:00:00,330 --> 00:00:01,980
Security of Apps.

2
00:00:01,980 --> 00:00:04,740
How do you know the app you want to install is secure?

3
00:00:04,740 --> 00:00:07,020
How do you know it's not going to be spying on you?

4
00:00:07,020 --> 00:00:09,490
How do you know there's no malware embedded in it?

5
00:00:09,490 --> 00:00:10,770
Well, you don't.

6
00:00:10,770 --> 00:00:12,510
But the best way to ensure that you don't

7
00:00:12,510 --> 00:00:15,106
get those types of things is by installing applications

8
00:00:15,106 --> 00:00:17,810
from the official mobile stores only.

9
00:00:17,810 --> 00:00:19,037
If you're using an Android device,

10
00:00:19,037 --> 00:00:20,737
that's the Google Play Store.

11
00:00:20,737 --> 00:00:21,997
If you're using an iPhone,

12
00:00:21,997 --> 00:00:24,360
that's going to be the App Store.

13
00:00:24,360 --> 00:00:26,398
Now, some people have taken their phones

14
00:00:26,398 --> 00:00:29,632
and done what's called jailbreaking it or rooting it.

15
00:00:29,632 --> 00:00:31,300
On an Apple device,

16
00:00:31,300 --> 00:00:33,320
jailbreaking it means you're going to remove

17
00:00:33,320 --> 00:00:35,478
the security protections that Apple has put in place

18
00:00:35,478 --> 00:00:38,010
so that you can take it from your wireless carrier

19
00:00:38,010 --> 00:00:39,017
to a different wireless carrier,

20
00:00:39,017 --> 00:00:42,548
or install third-party apps outside of the App Store.

21
00:00:42,548 --> 00:00:43,776
As you can probably guess,

22
00:00:43,776 --> 00:00:46,550
these are both bad security practices

23
00:00:46,550 --> 00:00:48,009
and should not be done.

24
00:00:48,009 --> 00:00:50,080
Now, when you have an Android device,

25
00:00:50,080 --> 00:00:51,400
we don't call it jailbreaking,

26
00:00:51,400 --> 00:00:52,575
we call it rooting it.

27
00:00:52,575 --> 00:00:54,860
The reason is because Android is at heart

28
00:00:54,860 --> 00:00:56,450
a Linux operating system.
29
00:00:56,450 --> 00:00:57,566
So, if you root the device,

30
00:00:57,566 --> 00:01:00,240
you now have administrative permissions over it.

31
00:01:00,240 --> 00:01:02,500
And you can install whatever applications you want

32
00:01:02,500 --> 00:01:03,820
and make the phone do things

33
00:01:03,820 --> 00:01:06,290
that it wasn't necessarily designed to do.

34
00:01:06,290 --> 00:01:08,770
Again, making sure that you don't jailbreak

35
00:01:08,770 --> 00:01:11,050
or root your device is a good first step

36
00:01:11,050 --> 00:01:13,057
to ensuring you have a secure device.

37
00:01:13,057 --> 00:01:15,817
Next, you want to think about what browser

38
00:01:15,817 --> 00:01:18,246
and what applications you're actually running.

39
00:01:18,246 --> 00:01:21,350
For example, if you're using the Chrome browser,

40
00:01:21,350 --> 00:01:23,086
that's a fairly secure web browser.

41
00:01:23,086 --> 00:01:25,897
But if you decide to get a third-party web browser,

42
00:01:25,897 --> 00:01:28,480
you don't know who it is that put that out there

43
00:01:28,480 --> 00:01:30,030
and if you can trust them.

44
00:01:30,030 --> 00:01:31,700
Maybe they're giving you this web browser

45
00:01:31,700 --> 00:01:32,980
but they're also taking a copy

46
00:01:32,980 --> 00:01:34,366
of all your data going through it.

47
00:01:34,366 --> 00:01:35,836
To avoid those types of issues,

48
00:01:35,836 --> 00:01:39,276
always get official applications, when possible.

49
00:01:39,276 --> 00:01:41,806
And speaking of web browsers,

50
00:01:41,806 --> 00:01:43,580
one of the things you want to ensure

51
00:01:43,580 --> 00:01:45,935
is whenever you're browsing the web on your mobile device,

52
00:01:45,935 --> 00:01:48,897
you're always going to the secure version of a website.

53
00:01:48,897 --> 00:01:53,406
That's denoted by the https at the front of the web address.
54
00:01:53,406 --> 00:01:56,236
This ensures that you have a TLS tunnel created

55
00:01:56,236 --> 00:01:58,665
between your phone and the server.

56
00:01:58,665 --> 00:02:00,057
What's TLS?

57
00:02:00,057 --> 00:02:02,494
Well, it's Transport Layer Security.

58
00:02:02,494 --> 00:02:05,600
It's going to put an encryption layer and a tunnel

59
00:02:05,600 --> 00:02:07,500
between your device and the server

60
00:02:07,500 --> 00:02:10,160
to ensure you have confidentiality and nobody

61
00:02:10,160 --> 00:02:12,513
is conducting a man-in-the-middle attack against you.

62
00:02:12,513 --> 00:02:16,090
Now, as businesses, we are increasingly going mobile

63
00:02:16,090 --> 00:02:17,210
all of the time.

64
00:02:17,210 --> 00:02:19,650
And enterprise mobility has a couple of things

65
00:02:19,650 --> 00:02:20,770
that we need to think about

66
00:02:20,770 --> 00:02:23,470
when we talk about securing our apps as well.

67
00:02:23,470 --> 00:02:25,499
One of those is making sure we have control

68
00:02:25,499 --> 00:02:28,658
over those devices and what apps are installed.

69
00:02:28,658 --> 00:02:30,280
If your organization is going to be

70
00:02:30,280 --> 00:02:32,510
providing the cellphone to its employees,

71
00:02:32,510 --> 00:02:34,170
you have the right to install

72
00:02:34,170 --> 00:02:35,930
mobile device management software.

73
00:02:35,930 --> 00:02:38,500
MDM, or Mobile Device Management,

74
00:02:38,500 --> 00:02:40,050
is a centralized software solution

75
00:02:40,050 --> 00:02:42,970
that allows your system administrators to create

76
00:02:42,970 --> 00:02:45,960
and enforce policies across all of the mobile devices.

77
00:02:45,960 --> 00:02:48,260
This can ensure that people don't install games

78
00:02:48,260 --> 00:02:51,131
like Angry Birds, or they don't put on third-party apps,

79
00:02:51,131 --> 00:02:54,550
or that they could only go to certain websites.
80
00:02:54,550 --> 00:02:56,500
Whatever precautions you want to enable

81
00:02:56,500 --> 00:02:58,210
and whatever policies you want to enforce

82
00:02:58,210 --> 00:02:59,519
is really up to your organization.

83
00:02:59,519 --> 00:03:02,159
But in the end, it's the thing that lets you do that.

84
00:03:02,159 --> 00:03:04,510
Now, one of the things that you want to consider

85
00:03:04,510 --> 00:03:07,948
with your phones is they have location access based on GPS.

86
00:03:07,948 --> 00:03:11,439
Should you allow location access to an application?

87
00:03:11,439 --> 00:03:14,220
For example, if you're trying to use the Yelp app,

88
00:03:14,220 --> 00:03:16,210
it needs to know your location

89
00:03:16,210 --> 00:03:17,500
so it can make recommendations

90
00:03:17,500 --> 00:03:19,270
of the restaurants around you.

91
00:03:19,270 --> 00:03:21,370
Well, if you enable location access to apps

92
00:03:21,370 --> 00:03:23,170
and you're not sure who that app is,

93
00:03:23,170 --> 00:03:26,620
that app can now track your location and where you're going.

94
00:03:26,620 --> 00:03:28,150
This is a privacy concern

95
00:03:28,150 --> 00:03:30,040
and something you need to think about.

96
00:03:30,040 --> 00:03:32,690
It's highly recommended that you turn location services off

97
00:03:32,690 --> 00:03:35,231
for any apps that you don't need it for.

98
00:03:35,231 --> 00:03:37,601
Obviously, you're going to need it for your GPS app,

99
00:03:37,601 --> 00:03:41,290
but for most other apps, you don't need GPS enabled.

100
00:03:41,290 --> 00:03:43,540
So, you can turn it off for those particular apps

101
00:03:43,540 --> 00:03:45,350
in your settings.

102
00:03:45,350 --> 00:03:48,540
Another privacy concern is the use of geotags.

103
00:03:48,540 --> 00:03:49,982
What exactly is geotagging?

104
00:03:49,982 --> 00:03:53,480
Well, geotagging is embedding the geolocation coordinates

105
00:03:53,480 --> 00:03:56,460
or GPS coordinates into a piece of data.
106
00:03:56,460 --> 00:03:59,484
Most commonly, this is done with a photo or a video.

107
00:03:59,484 --> 00:04:02,484
By default, on your iPhone when you take a picture,

108
00:04:02,484 --> 00:04:05,180
your GPS coordinates are embedded

109
00:04:05,180 --> 00:04:07,774
into that photo as metadata.

110
00:04:07,774 --> 00:04:09,894
That means, wherever you post that photo,

111
00:04:09,894 --> 00:04:12,910
like on Facebook or Twitter or Flickr,

112
00:04:12,910 --> 00:04:15,680
you could take that photo and read those coordinates

113
00:04:15,680 --> 00:04:18,280
and figure out where all those photos were taken.

114
00:04:18,280 --> 00:04:20,030
Now, this is really handy if you went

115
00:04:20,030 --> 00:04:21,350
and took a trip around the world

116
00:04:21,350 --> 00:04:22,183
and want to figure out

117
00:04:22,183 --> 00:04:24,120
which picture went with which location.

118
00:04:24,120 --> 00:04:26,763
But it does bring some dangers to your organization.

119
00:04:26,763 --> 00:04:30,123
For example, what if every morning your manager

120
00:04:30,123 --> 00:04:32,023
went to a local coffee shop

121
00:04:32,023 --> 00:04:33,710
and they decide to take a picture

122
00:04:33,710 --> 00:04:37,141
and post it on Facebook every day around 8 a.m.?

123
00:04:37,141 --> 00:04:39,730
This would tell an attacker that that manager

124
00:04:39,730 --> 00:04:42,040
is not in the office every day at 8 a.m.;

125
00:04:42,040 --> 00:04:43,754
instead, they are at the coffee shop.

126
00:04:43,754 --> 00:04:46,527
They can now target that manager either at the coffee shop

127
00:04:46,527 --> 00:04:48,447
or target that manager's office

128
00:04:48,447 --> 00:04:50,670
because they know the location of the manager

129
00:04:50,670 --> 00:04:53,260
and where they won't be: in the office.

130
00:04:53,260 --> 00:04:55,439
So, geotagging is something that needs to be considered

131
00:04:55,439 --> 00:04:58,239
when developing your organization's security policies.
132
00:04:58,239 --> 00:04:59,837
It's up to your organization to decide

133
00:04:59,837 --> 00:05:02,470
whether or not you want to allow geotagging,

134
00:05:02,470 --> 00:05:03,929
but I highly recommend turning it off

135
00:05:03,929 --> 00:05:06,762
for privacy and security concerns.