How Secure is your Event App?

January 11, 2020

How Secure Is Your Event App?

The mobile world is continuing its rapid transformation and we are fast becoming reliant on our mobile devices for almost everything we do. Technology has rapidly become a part of our daily lives and social transformation has created a groundswell that we simply can no longer ignore. Due to the need to enhance the live participant experience, the value of mobile devices for events has increased immensely.

By 2016, it’s expected that there will be more than 10 billion mobile, internet ready, devices in use globally. This is astounding given it exceeds the earth’s total population. As you would expect mobile application security will need to grow tremendously in order to match the demand from consumers and ever evolving threats to mobile security.

In recent years the event industry has raised questions concerning security within mobile apps based on an article concerning security breaches by a leading app developer “Security researchers decided to take a look at the app to see just how secure it was. In a short amount of time, they identified a total of six flaws.” The article notes two issues that are really concerning:

The most severe of them can be exploited for man-in-the-middle (MitM) attacks. An attacker could inject a phishing page into the login sequence to trick users into handing over their credentials.”1 And, “The information in the app is retrieved from an SQLite database file that’s downloaded to the smartphone. This file contains the information of every user who has signed up for the Conference app, including full name, company and title.”

Yes, these are very concerning breaches. This has prompted event managers to ask the question “How secure is our app and what does our event app developer do to prevent something like this from happening to us”? I am pleased that this has awoken the event industry. We have been preaching protection of customers’ data and user privacy since the beginning! Not that long ago, a US state sued an airline for not publishing a privacy policy inside their app because of the information they were collecting:

The suit was later dismissed but it prompted extremely important dialog relating to user data. We all need to be concerned about what information is being collected and how it is being used inside of the mobile apps we use daily.

First, let me say that NO ONE’s mobile app is ever going to be completely 100% secure! If the FBI, CIA, Bitcoin banks, credit card companies, Target, and other highly secure websites/domains can be hacked, no matter what we do we will not stop them completely. If a hacker wants to break in, they will have ample time to do so and they will figure out how to breach a mobile app. There is a fine line here because if we make the app too secure, it creates a barrier to entry and usage. The added complexity can also significantly increase app support requests when users can’t get access into the app. This can cause low download numbers, lack of usage, drop in sponsorships, and the wonderful experience you were expecting to get out of your mobile app – goes away!

Only serious event app developers make it their job to educate their clients about mobile app security. They work on ways to make sure sensitive information is not accessible via the app or if it is really sensitive they keep it out of the app but still provide access in other ways. They also teach customers about having a privacy policy that details what information is collected to help protect them and their clients. DIY app vendors don’t provide this type of service and there is no one there to protect customers from uploading information that can be compromised. Leading app developers with implement features that require users to opt-in and ways to protect user and customer data. They use encryption techniques to secure data so that attackers can’t trick users with man-in-the-middle attacks into handing over their information. For obvious reasons I will not go into detail regarding these techniques but as President or Core-Apps, Jesse Snipper said to me, “every effort is made to keep customer data secure when that is requested but as with all security, it makes access harder — most clients opt away from security and instead choose to limit what they put in the app to publicly available information.”

For more information regarding how to secure your app with and without multiple levels of security, contact your event app developer or feel free to contact me for a secure referral.

About the author: Darren Edwards

Darren Edwards is the founder of Invisage Creative Services in Australia. With more than 22 years’ of experience in the meetings and events industry, Darren continues to explore and develop creative design and innovative technology products to the benefit of the global event industry.

About Invisage Creative Services |   

Invisage Creative Services has been providing creative and technology products to the meetings and business events industry since 1993.  Their vision is to connect people and to perfect the event experience by delivering creative, engaging, and collaborative technology solutions for meetings, conventions and tradeshows around the world. Core products include mobile event apps, collaborative technologies, virtual and hybrid events, email marketing, cloud based solutions, website development and graphic design.