How to keep private data secure when transmitting over the Internet
Smartphones carry a wealth of personal data. Depending on what your application does, you may need to transmit some of your customers’ private data to your server. The security of this data is important to your customers, and to your business.
Almost weekly, a large company admits that it has been hacked and that personal customer data has been lost to unknown groups. With the rise of smartphones, valuable personal data has become available for use by your application, but with this availability comes a responsibility to help secure the private data transmitted by your application.
What is Private Data?
If you think about some of the information that mobile applications can obtain from a device, you might come up with a list of personally identifiable information like:
- Phone IMEI
- Phone Number
- E-mail Address
- Applications used
- Credit card numbers
Sending private data over the Internet without encryption or any other protection puts your users’ private information at risk. This is bad for users and bad for your business.
Best Practice Recommendation for Securing Private Data
When your application collects private data and sends it over the Internet, the data should be sent via HTTPS. Better still, the data should be encrypted and/or obfuscated and then sent over HTTPS.
Going one step further, you should investigate where your customers’ private data is being sent. By running a “Man in the Middle” attack against your own application and collecting a network trace, you can see whether any libraries or SDKs are collecting your customers’ data.
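One way to review such a trace once you have it, as an added example that is not part of the original article: the script below scans captured requests for the private-data types listed earlier and reports, for each hit, whether it left over plain HTTP and whether it went to a host you do not operate. The record layout, host names, regular expressions and sample values are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed formats for some of the private-data types listed above.
PATTERNS = {
    "imei": re.compile(r"\b\d{15}\b"),
    "email": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "phone": re.compile(r"\+\d{10,14}\b"),
    "card": re.compile(r"\b\d{16}\b"),
}

def luhn_ok(digits):
    """Luhn check digit, used by IMEIs and card numbers; cuts false positives."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def audit(requests, first_party_hosts):
    """Return one finding per private-data value seen in a request URL or body."""
    findings = []
    for req in requests:
        url = urlsplit(req["url"])
        text = req["url"] + "\n" + req.get("body", "")
        for kind, pattern in PATTERNS.items():
            for match in pattern.finditer(text):
                if kind in ("imei", "card") and not luhn_ok(match.group()):
                    continue  # right length, wrong check digit: not an IMEI/card
                findings.append({  # the matched value itself is not stored
                    "kind": kind,
                    "host": url.hostname,
                    "cleartext": url.scheme != "https",
                    "third_party": url.hostname not in first_party_hosts,
                })
    return findings

# Constructed trace: hosts, field names and values are made up for illustration.
FIRST_PARTY = {"api.myapp.example"}
SAMPLE_TRACE = [
    {"url": "https://api.myapp.example/v1/profile", "body": '{"email": "alice@example.com"}'},
    {"url": "http://ads.sdk-vendor.example/track?imei=490154203237518"},
    {"url": "https://metrics.sdk-vendor.example/e",
     "body": '{"phone": "+15555550100", "order": "1234567890123456"}'},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_TRACE, FIRST_PARTY):
        print(finding)
```

Findings with `cleartext` set are the ones that violate the HTTPS recommendation; findings with `third_party` set point at libraries or SDKs that deserve a closer look.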
The bottom line – do all that you can to identify any and all private data that is being collected, and then do everything you can to help protect it.