The news that the Apple App Store was unencrypted for a significant period of time has me concerned about the internal app store that my company built for users. What kind of encryption practices should be put in place for enterprise app stores? Do third-party services that build these kinds of app stores generally encrypt them?
SearchSecurity expert Michael Cobb is standing by to answer your questions about enterprise application security and platform security.
Back in July 2012, Elie Bursztein, a researcher at Google, found a number of vulnerabilities related to Apple's iOS app that lets users browse and download apps from the App Store. The main vulnerability was that data sent to and from iOS devices via the App Store was unencrypted. This type of information should always be encrypted in transit using the SSL/TLS protocol; otherwise, it can be read, intercepted and manipulated by an attacker on the same network, such as the public Wi-Fi networks found at airports and coffee shops.
Bursztein notified Apple of the App Store encryption problem, but Apple only announced it had fixed the issue in January by enabling HTTPS. Nobody is sure exactly how long this vulnerability existed, but whenever the App Store app sent unencrypted communications over a public network, users would have been left open to several types of attack, including password theft, app swapping, fake upgrades, installation prevention and app spying.
App swapping involves duping users into installing an attacker's app when they think they're installing legitimate software. App spying taps into the App Store's update mechanism to view all the apps installed on a user's device. This potentially provides a digital fingerprint of the user, as the selection of apps may be unique to the individual. To be on the safe side, users should change their Apple ID passwords, particularly if they have downloaded apps or other content from the App Store in the past few months.
The problem with data sent using HTTP is that anyone on the same network, whether it's wired or wireless, can eavesdrop on what's sent. Not only can they read the traffic, but they can modify it too. This is one reason why Google, Facebook, Twitter and other sites support access to all pages on their sites over HTTPS, as the encryption it provides prevents eavesdropping and unauthorized modification.
Administrators of enterprise app stores should look closely at how they're securing user data, not just when in transit over a network, but also when at rest. If a third party develops your app store, require assurances that all communications are encrypted and sensitive user data is encrypted within the database. Do not assume this is the case. If in any doubt, arrange to see a demonstration to prove all personally identifiable data and other sensitive information is securely handled by the store.
When it comes to instituting minimum enterprise app store encryption requirements, there is no reason not to use SSL/TLS encryption. It can be made largely transparent to the user, so the difference in online experiences between encrypted and unencrypted sessions is fairly modest. HTTPS does require some additional administration and cost. A digital certificate needs to be obtained and private keys stored securely. Always run a check to ensure your digital certificate is correctly installed and works with the mobile devices you want to support. HTTPS will also mean more work for servers, as it's much harder to cache HTTPS traffic, but these issues are a small price to pay to prevent attackers from hijacking connections to your app store.
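The certificate check recommended above can be scripted. The following is an added example, not code from the original article: the hostnames and certificate are constructed placeholders, and the TLS 1.2 floor and 30-day expiry warning are assumed policy values. `audit` returns a list of findings, and an empty list means every check passed.

```python
import socket
import ssl
from datetime import datetime, timezone

# Constructed sample in the dict shape returned by SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subjectAltName": (("DNS", "apps.example.com"), ("DNS", "*.cdn.example.com")),
    "notAfter": "Sep 15 12:00:00 2013 GMT",
}

def fetch_cert(host, port=443, timeout=5):
    """Handshake with chain and hostname verification on; raises on any failure."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # assumed policy floor
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(), tls.version()

def covers(cert, hostname):
    """True if a DNS subjectAltName matches; '*' matches one left-most label only."""
    host = hostname.lower().split(".")
    for kind, pattern in cert.get("subjectAltName", ()):
        pat = pattern.lower().split(".")
        if (kind == "DNS" and len(pat) == len(host)
                and pat[1:] == host[1:] and pat[0] in ("*", host[0])):
            return True
    return False

def days_until_expiry(cert, now=None):
    now = now or datetime.now(timezone.utc)
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    return (expires - now).days

def audit(cert, tls_version, hostnames, warn_days=30, now=None):
    findings = []
    if tls_version not in ("TLSv1.2", "TLSv1.3"):
        findings.append(f"weak protocol: {tls_version}")
    findings += [f"certificate does not cover {h}" for h in hostnames if not covers(cert, h)]
    remaining = days_until_expiry(cert, now)
    if remaining < 0:
        findings.append("certificate expired")
    elif remaining < warn_days:
        findings.append(f"certificate expires in {remaining} days")
    return findings

if __name__ == "__main__":
    when = datetime(2013, 8, 31, 12, 0, tzinfo=timezone.utc)
    hosts = ["apps.example.com", "dl.cdn.example.com", "api.example.com"]
    print(audit(SAMPLE_CERT, "TLSv1.2", hosts, now=when))
```

Against a live store, pass the result of `fetch_cert(host)` to `audit` for every hostname the store's clients contact, including the download host, and run it from the networks your supported devices use.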
This was first published in August 2013