Mobile applications have saturated society, and the average user today doesn’t think twice about whether or not these apps are secure. They will gladly put in personal information, including bank account or credit card numbers, because they trust that the company behind the app has made this a safe thing to do.
The problem is that many app developers, though well-intentioned, end up with improperly implemented security measures that leave their apps open to attack from experienced hackers. In order to avoid a cyber-attack that can spell disaster for brands of all shapes and sizes, app developers must learn to choose the right security options such as Subject Alternative Name (SAN) SSL, Wildcard SSL, and Extended Validation (EV) SSL, as well as how to use them in the most effective manner.
Properly Used Wildcard SSL, SAN SSL, And EV SSL Offer Ample Security
The first step in protecting mobile apps and their users is to choose an appropriate SSL certificate security measure. There are a few different options available which can be used separately or in a combination depending on the particular security needs in each situation. Understanding which options are available and which ones do, or do not, work together can prevent developers from buying more than is needed or picking the wrong tool.
The initial choice to make is usually between SAN (Multi-Domain) SSL and Wildcard SSL. Though each of these options performs similar security functions, they have crucial differences that make them appropriate in different situations. The SAN SSL certificate, for instance, is commonly used to protect multiple, separate domain names using one certificate, while the Wildcard SSL certificate is used for one root domain and its numerous subdomains.
- One SAN SSL certificate can protect up to 100 fully qualified domain names. Not all of the domain names have to be entered when the certificate is purchased; an organization or individual can add domain names during the lifecycle of an already purchased Multi-Domain (SAN) SSL certificate.
- One Wildcard SSL certificate can protect a single root domain, along with all its first-level subdomains, including any added in the future. If a company has one domain with many subdomains in use or in development, then a Wildcard SSL certificate is a great choice. However, if there are two or more root domains, each one would need its own Wildcard SSL certificate.
- For some companies, one or the other option will suffice, but companies with numerous domains to manage may need a flexible combination of the two. In addition to SAN SSL and Wildcard SSL options, app developers should also consider EV SSL to instill further trust.
- EV SSL is an option that proves to app users that they are using the official app associated with the brand they are looking for, rather than an imposter looking to steal their credentials. An EV SSL certificate is a valuable option to promote trust for any app or website, but it can be particularly effective for those that use sensitive personal information such as bank or credit card data.
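The coverage rules for SAN and Wildcard certificates described above, as an added example that is not part of the original article: a Python sketch of how a client decides whether a hostname is covered by a certificate's name entries. The hostnames and certificate name lists are constructed, and the matching assumes the common rule that `*` stands for exactly one left-most label, so the bare root domain is covered only when it is listed as its own entry.

```python
# Added example: which hostnames a certificate's SAN dNSName entries cover.
# All hostnames and name lists below are constructed for illustration.

def _labels(name):
    """Lower-case a DNS name, drop a trailing dot, split into labels."""
    return name.lower().rstrip(".").split(".")

def entry_covers(entry, host):
    """True if one SAN dNSName entry covers host.

    Assumed wildcard rule (common RFC 6125 profile): '*' must be the
    entire left-most label and stands for exactly one label.
    """
    e, h = _labels(entry), _labels(host)
    if len(e) != len(h) or "" in h:
        return False
    if e[0] == "*":
        # Require at least two fixed labels after '*' so that an
        # over-broad entry such as '*.com' is never honoured.
        return len(e) >= 3 and e[1:] == h[1:]
    # A '*' in any other position (e.g. 'a*.example.com') is rejected.
    return "*" not in entry and e == h

def covered(san_entries, host):
    """Return the first SAN entry covering host, or None."""
    for entry in san_entries:
        if entry_covers(entry, host):
            return entry
    return None

# Constructed certificates: wildcard only, multi-domain only, and a mix.
WILDCARD_CERT = ["*.example.com"]
SAN_CERT = ["example.com", "api.example.com", "shop.example.org"]
COMBINED_CERT = ["example.com", "*.example.com", "*.example.org"]

if __name__ == "__main__":
    hosts = ["example.com", "api.example.com", "v2.api.example.com",
             "shop.example.org", "new.example.com"]
    for name, cert in [("wildcard", WILDCARD_CERT), ("SAN", SAN_CERT),
                       ("combined", COMBINED_CERT)]:
        for host in hosts:
            match = covered(cert, host) or "NOT COVERED"
            print(f"{name:9} {host:20} -> {match}")
```

Running it shows the gaps each certificate type leaves: the wildcard list misses the second root domain and deeper subdomains, while the fixed SAN list misses any subdomain added later.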
SSL Problems are a Common Security Concern for Mobile Apps
Many developers fail to realize that it isn’t enough to simply purchase SSL certificates for a mobile app and put them in place. SSL problems become a common security failing for mobile apps if the right practices and checks aren’t used on a regular basis. SSL issues due to improper implementation are so common that they appear in TeskaLabs’ list of the five most common mobile app security issues. These include:
- Insecure Data Storage
- SSL Issues
- Data Leakages
- Untrusted Inputs
- Weak Server Side Controls
Symantec is familiar with this implementation problem, and has provided an SSL best practices guide for developers to help them run the right verification checks and make their certificates as effective as possible. Though employing SSL certificates in the first place is a good start, regular certificate checking and chain building must be carried out to ensure encryption is working effectively.
The Right Options Depend Upon Security Needs And Budget
It’s clear that SSL certificates for mobile applications come in multiple varieties and can be used in a wide range of combinations. Developers can easily get caught up in choosing between all the different options and forget that simply putting certificates in place is not enough.
In order to make SSL certificates as effective as possible, it’s important to perform regular checks and follow best practices, such as those laid out by Symantec, to ensure hackers can’t exploit any weaknesses. Wildcard SSL, SAN SSL, and EV SSL are all very valuable ways to protect websites and mobile apps when they are properly implemented and maintained.