HTTPS uses TLS/SSL (Transport Layer Security/Secure Sockets Layer) to keep data private in transit over the internet. If this protocol is used correctly, all data transmitted or received by the application is encrypted and cannot be read by third parties. When a mobile application does not implement SSL, as is usually the case, it establishes a connection, authenticates and transmits data in cleartext over the network. A standard MITM attack would be able to recover this data. If an application implements SSL, but the SSL certificate is not properly verified, that application is vulnerable to an MITM-SSL attack.

Remember how hard you worked to build your business. Things like proprietary processes, supplier and manufacturing agreements, customer lists, etc., need to be protected. Make sure your employees are not allowed to open a competing business with your valuable information. Lines or follow the name of the machine, which is marked with a symbol bearing the character "A." Make sure you have a lawyer draw up a confidentiality agreement specific to your needs. While there are many generic NDA templates available online, paying for an NDA tailored to your needs and location can save you time and money if it is to be applied across the board.
Cloud storage providers that offer "client-side" encryption may still have access to your password and encryption key, or they may provide true zero-knowledge encryption. Unfortunately, some of the encryption schemes used by cloud providers have predictable patterns that attackers can discover and exploit. The downsides of encrypting the data yourself are that (1) you need to do it, probably as a separate step when uploading or downloading, and (2) you need to manage and protect passwords and keys, which can become complicated when you decide to share data. Finally, look at the completeness of security in your system. Encryption can protect data in transit or data at rest, but what about the endpoints? What about the enforcement of policies at a boundary that encrypted traffic passes through?

If an iPhone app has not been properly designed, it connects to any host that responds to the desired host name, allowing customer login information to be sent to the wrong host. For example, the hosts file can be modified to redirect secure.nameofyourapp.com to an IP address and server controlled internally. Once the hosts file is updated on the device, the app sends all traffic to the internal server so that an attacker or reviewer can view confidential application data. If the app was designed properly, the connection fails as soon as the hosts file is updated. A common problem is that the people responsible for implementing SSL/TLS on the server are not necessarily security engineers and therefore tend to focus on the server infrastructure.
You can implement and test SSL/TLS, and it looks safe, but there may still be weaknesses. MD5, for example, is a cryptographic algorithm that has been around for more than 10 years. Although it is still considered useful for applications such as file integrity verification, the authorities have advised against using it for communications. The U.S. Department of Homeland Security's CERT group states in Vulnerability Note #836068: "Software developers, certifiers, website owners and users should avoid using the MD5 algorithm in any capacity. As previous studies have shown, it should be considered cryptographically broken and unsuitable for future use" (CERT Vulnerability Note VU-836068, n.d.).