Authenticator Apps | Mobile App Security

Secure your mobile accounts with best authenticator apps

The days when you could just have one password and keep your data safe are long over. The recent surge in cybercrime means that mobile users need to have more than one type of authentication guarding their files and login details.

  • Two factor authentication (2FA), which relies on a password or Face ID along with code-based access, is an excellent security solution for anyone using a mobile device.
  • Authenticator apps can help protect enterprise or personal information alike, and that’s just as well because hackers are increasingly targeting individuals and not only businesses.

In this article we take a look at some of the best authenticator apps on the market for both android and Apple devices and give you some practical advice for choosing the one that best suits your needs.

The features of a good authenticator app

Before you download an app to protect your data, it’s important to know what features to look out for. You’ll want to choose an authentication app that has these qualities:

  • Reliable and well-known. Big names are generally better when it comes to security apps – especially since cybercriminals have been known to use obscure apps to carry about attacks.
  • Affordable. Fully functional and free authenticator apps are available, and they usually offer the features you need with no unnecessary add-one.
  • Up to date. As cybercriminals are constantly finding ways to bypass authentication, your app will need to be at the cutting edge in order to be effective.

Still not sure how to pick a 2FA app? We reviewed the best ones and narrowed down your choices to help you decide.

Three excellent authenticator apps for business and personal data protection

  1. Authy
    As one of the most popular authenticators on the market, Authy combines user friendliness and versatility for both business and personal data. The app syncs with your other devices and can still generate authentication tokens when your device is offline, making it ideal for business travel.
  2. Microsoft Authenticator 
    Businesses that use Office365 and other Microsoft products will find the Microsoft authenticator app to be extremely effective. Seamless integration with Microsoft’s broad array of products makes it ideal for enhancing the security of files you share across your organisation.
  3. Duo Mobile 
    When it comes to mobile users with Android devices, Duo Mobile provides fast multiple factor authentication with full support for productivity on the go. After registering and receiving an activation link you can use the app to doubly secure all your logins.

Take your data protection to the next level with secure cloud storage

Multi factor authentication is an essential part of any data security strategy – but your data itself needs to be protected too.

To further enhance the safety of your sensitive company files, you can rely on secure cloud storage with advanced encryption at a time when cyberattacks are still on the rise.

Browse Soteria’s range of secure backup packages for businesses to get started.

Mobile Malware | Mobile Security

Are you a victim of mobile malware?

Your smartphone gives you access to the world right in the palm of your hand, but if you’re not careful it could also give cybercriminals access to your private information.

To avoid becoming a victim of fraud or other online crimes, it’s essential to make sure that no mobile malware is running on your android or iPhone – but how do you know if your device is infected?

Here are some tell-tale signs that your phone may have a malware infection and how to remove this dangerous software from your device.

Is your phone infected or just getting old?

A smartphone that takes longer than usual to load apps or loses battery power in a hurry could just be getting old. Then again, it could be infected with malware.

If your phone is less than two years old and suddenly seems to be running slowly, there’s a good chance that a malicious app is putting a drag on system performance.

Similarly, if you notice that your smartphone battery drains after just a few hours of moderate use and your phone is relatively new it’s likely that you’re dealing with a malware infection.

Installing a reliable antivirus app with malware scanner is the shortest way to find out whether your device has been compromised. The sooner you know, the sooner you can get rid of potentially dangerous software that gives hackers access to your personal information.

You keep seeing ads everywhere

Some apps make their revenue from ads, and if you’ve been seeing them all along there’s probably no cause for concern. However, if an app that  doesn’t usually run ads suddenly starts displaying them you may have adware running on your phone without your knowledge.

Are Android or iPhone devices more susceptible to malware?

Traditionally, the iPhone was always a safer choice when it came to viruses and mobile malware due to Apple’s enhanced digital security and the extensive checks the company does before allowing an app to register on the App Store.

However, recently, a number of apps harbouring mobile malware have managed to slip through the cracks.

iPhone users may be more protected in theory but that doesn’t mean they should be complacent when faced with the tell-tale signs of a malware infection.

Keep your data safe on all devices with secure cloud storage

Every time you sync your devices, you are sharing valuable data that needs to be protected.

Soteria’s range of secure cloud storage packages for business and family use are the ideal way to keep sensitive information for your eyes only.

Location Enabled Apps Targeted | App Security

Drug Traffickers Target Location Enabled Apps

Do you know who your employees are ‘talking’ to on their devices, or even who your child is chatting with on their smartphone?

Social Media and digital platforms with location enabled apps such as WeChat, EskomSePush and Telegram, which allow users to find others in close proximity to them, are being used by cybercriminals to carry out a host of crimes, including drug dealing.

As the festive season approaches and holiday crimes increase, keeping personal information safe and making sure that your family does the same has never been more important.

Here’s what you need to know about the security threat posed by criminals that have access to your location data through location enabled apps.

EskomSePush and other apps – a tool for drug pushers

Load shedding has been a reality for South Africans since 2008, and the app EskomSePush has made life a lot easier for us during times of uncertain power supply. Unfortunately, the “find users near me” function, which was designed to let neighbours find and help each other during blackouts, is being used by drug dealers for nefarious purposes.

Children are often targeted by drug dealers to be used as moles and pick up or delivery agents because the law doesn’t allow a person under 12 years of age to be prosecuted for drug possession.

Law enforcement authorities have reported several incidents in which drug dealers used the app’s location function to communicate with nearby people – especially children – and rope them into their illegal dealings.

WeChat, a popular messaging app developed in China, may also be used by criminals to connect with people nearby and either attempt to scam them or involve them in illegal activities.

Platform owner interventions

Sadly, drug markets, child trafficking, document forgery and other such crimes have been digitally enhanced and even enabled by technology which remains a key driver of these illicit trades.

Platform owners are continuously updating and adapting their detection systems to deal with cryptic emojis and banned words, but with user behaviour constantly changing, the reality is that any real security would hamper the functionality of location enabled apps.

Stranger danger online: educate before it’s too late

Allowing your children to associate with strangers online poses an immediate danger to you and your family. Parents should be especially careful about giving their children access to mobile devices with apps like EskomSePush installed.

It’s essential to keep yourself and your family out of harm’s way by educating your children about the dangers of communicating with strangers online.

Keep your data safe with us

The risks involved with being connected to the internet continue to rise, and safeguarding your data is non-negotiable.

Keep your private information safe with our range of secure cloud storage packages that are ideal for families.

Keep ID Info Safe | Personal Data Security

Stop sending your identity via email or WhatsApp

Online scams and cybercrimes carried out using email, WhatsApp and other digital apps continue to affect smartphone users across the world.

Despite multiple warnings in the media, including this article on WhatsApp scams published on our blog recently, the number of these incidents continues to rise.

As a responsible provider of encrypted cloud backup and data security we are mindful of just how easy it is to be lulled into a false sense of digital security. As such, we feel it’s only right that we follow up on our guide to the best email security practices with a word of caution for WhatsApp and regular email users who may be requested to send copies of their ID document or passport electronically using the app or by email.

We take a closer look at the risks involved in sending personal information in the form of photos and screenshots via messaging apps and why you should avoid doing this at all costs.

could you WhatsApp me a copy of your ID?

the answer is NO

Whether it’s a travel agent, the doctor’s office, your insurance company, or even a relative, anyone who asks you to send them a photo or screenshot of your passport or ID document may be setting you up to become a victim of cybercrime, whether they know it or not.

  • Many people believe that the encryption technology used to send WhatsApp messages offers full protection from data theft. However, encryption only works in the split-second it takes to transfer information between two devices.
  • Once a copy of your ID or passport is on someone else’s phone, it can easily fall into the wrong hands.

Next time someone asks you to send them a scan or photo of your ID document, you’ll be doing a great deal for your own data security by saying NO.

There are other methods of sharing your ID number, including doing so over the phone on a voice call, once you have verified that the caller is genuine of course!

There may also be certain situations when you’re requested to provide a copy of your ID even though it’s not legally necessary. You can always check with the person requesting this document whether there’s another way to verify your identity that doesn’t put your personal information at risk.

keep copies of your ID safe in the cloud

Keeping electronic copies of your personal ID documents on a hard drive or flash disk is risky. If you want to keep this kind of information on hand, it’s always best to store it in the cloud using fully encrypted storage.

It’s time to ask questions about your online security and acknowledge that sending your personal data out via email or messaging apps puts you at risk. It’s your data and you can ensure it’s protected with our range of secure cloud storage packages that will help keep all your sensitive information safe. Contact us today to learn more.

App Entrepreneurs | Mobile App Development

Stellies Student Scoops Agritech App Entrepreneurs Award

Tech may not be the first thing that comes to mind when most people think about the agricultural industry, but for one Stellenbosch student they couldn’t be more closely linked.

Economics student Lunga Momoza recently received the Stellenbosch Network Entrepreneur of the Month award for his app called Basket which promises to connect energetic farmers with customers for their fresh produce.

Local innovators using technological solutions have the potential to solve many of SA’s development challenges and help the economy to grow. Let’s take a look at the Basket app and how it promises to revolutionise the way business is done in the Stellenbosch agricultural industry.

planting the seeds of tech transformation

South Africa’s agricultural sector is brimming with potential, but many upcoming farmers don’t have sufficient access to customers. At the same time, small traders find themselves paying higher than necessary prices for the fruits, vegetables, and other products they sell on a daily basis.

The Basket app is designed to close the gap between these two groups, providing direct market access for small farmers and allowing suppliers and customers to fine-tune their orders according to the produce that’s in demand at a given time.

  • The app is still under development, but once it exits the prototype stage and goes live it’ll be available for download, offering farmers and customers a unique opportunity to connect online.
  • The app will operate on a transaction fee structure of 3.5% percent, remaining affordable for small traders and farmers
  • Recognising that many informal traders still operate on a cash basis, Basket will make provision for COD payments with a 7.5% delivery fee.

an online future calls for high tech data security

Economic development goals and the challenges facing the agricultural sector can more easily be achieved with the help of future farming technology like the Basket app.

With bright young tech partners coming up with innovative solutions, every industry in our economy could soon benefit from lower transaction costs and increased efficiency.

Moving business online means moving sensitive data online too, and secure cloud storage with full encryption is the ideal solution for business data security. Browse our range of cloud storage solutions today and keep your business information in the right hands.

Digital Passports | Mobile Apps

Digital Vaccine Passports – Are They a Blessing or a Security Risk?

Digital passports: are they the answer to opening up the country again or simply an unsecured backdoor left swinging in the wind? How would a digital vaccine passport affect, your business, and your personal life? These are the questions that need answering if we are ever to get back to ‘normal life’.

The new normal is fraught with restrictions regarding large gatherings of people, whether for entertainment, sporting events, or larger businesses. Covid has a lot to answer for having wrenched much of our hard-earned freedoms away from us.

With bans and restrictions on international travel affecting tourism and the economy, it’s no wonder the government and the World Health Organisation are looking for ways to remove the Covid shackles. But in order to grant us our freedom of movement, will this be at the cost of our digital security?

digital certificate vs. physical certificate

In South Africa and many other countries, paper-based vaccine certificates are the current form of proof of vaccination. However, the concern is that paper-based versions can easily be forged or tampered with, and even lost. In addition, there is no way to prove the EVDS (Electronic Vaccination Data System) number on the certificate is valid or genuine.

QR based digital certificates would remedy the situation allowing users to either print the QR code or download it onto their phone to present as proof of their vaccine status. This is an attempt by the WHO (World Health Organisation) to standardise vaccination proof globally. This initiative is thought to be a solution to possible fraud using security which meets international standards.

The downside, as we already know, is that QR codes come with their share of digital risks. If you aren’t aware of the risks, be sure to read our blog on the risks of QR codes here.

benefits of a digital passport

The WHO advocates the use of the digital passport which can be used for continued trace. The record will form part of an individual’s medical history and provide proof of vaccination status to places of study, employers, and at international borders.

A global digital passport –

  • Provides health workers with necessary information regarding subsequent doses or health services required.
  • Provides information regarding vaccine dose, vaccine type, and schedule of when the next dose is due.
  • Enables investigation into adverse vaccine effects and vaccine safety.
  • Allows for monitoring of vaccine status of individuals.
  • Proves vaccine status after a positive Covid-19 test and helps to understand vaccine effectiveness.
  • Provides proof of vaccine status for tertiary education, work, and travel.

when can we expect the digital passport?

Health minister Joe Phaahla announced that the government is looking at launching a digital Covid-19 vaccine certificate in the coming weeks. However, this is still very much a work in progress, and currently, no country offers this digital passport.

Once released, the digital passport would be available to all those who have their personal information stored on the EVDS system, including those vaccinated over the past months. The government plans to request that the passport is used to gain access to sporting events, large entertainment areas, and some businesses. However, public facilities and services will not be subjected to this requirement as the vaccine is not mandatory.

final thoughts

A digital passport could be the answer to all our freedom woes. However, as with any app or technology that uses your personal information, you should be aware there are always risks involved. All eyes are on world governments to see how they plan to roll out digital vaccine passports and what security measures will be in place.

WhatsApp Apps | App Security and Updates

The Low Down on WhatsAppening to WhatsApp Apps

Mobile apps have transformed the way we live our lives. From ordering online to keeping tabs on our health, from banking to gaming there’s an app for everything, and communication apps are a big part of the conversation. In fact, can you even remember how you conversed before the days of Skype, Slack, Facetime, Telegram, WhatsApp or WeChat?

However, with modern technology and mobile apps changing at virtually the speed of light, it’s important to remember that these innovations can come with an added cost to your security.

Take Facebook owned WhatsApp Messenger as an example.

Launched in 2009, this platform is one of the most popular messaging apps in the world. Ever evolving, messaging apps such as WhatsApp are difficult to monitor and control making them a frequent target of hackers and scammers. We take a look at recent updates and developments to the platform and how these might affect your data security.

whatsApp updates

WhatsApp first announced its improved multi-device capabilities in July 2021. This meant that apps supporting the WhatsApp function would no longer require a smartphone connected to the internet in order to function properly.

This new capability offers app users the ability to use WhatsApp on an additional four non-phone devices, without being connected to the phone.

how secure are third-party WhatsApp apps?

To run an official WhatsApp version on a tablet currently you need to use the WhatsApp web platform, but users often download modified versions of the app such as GBWhatsApp and WhatsAppPlus.

These third-party apps go against the Terms of Service of the WhatsApp platform and aside from the security risks that users expose themselves to, they also stand the risk of having their WhatsApp account banned for using an unsupported version of the app.

coming soon to iPad

Facebook is in the process of giving WhatsApp a virtual facelift by creating an app suitable for tablets, adding this to their own virtual tool-belt of multi-device support capabilities.

The multi-device 2.0 will mean that you can use your iPad as a linked device without needing your smartphone to act as a hub for the link although you will still need to have a phone number. Currently, the app can be connected through portals, Windows and MacOS but these need to have a primary smartphone device connection.

While still under development, you can expect to see these changes in the very near future. In addition, the changes will mean that WhatsApp will work independently for iPad, and those with iOS will automatically have the iPad version once it is rolled out.

will whatsApp still be secure?

To keep users secure, WhatsApp has revamped its security measures. Each multi-device will have its own identity key mapped to the user’s account. As a result, messages are encrypted and not stored on servers once delivered.

In addition, using improved technologies will prevent compromised servers from snooping on communications if they add additional devices to the user’s account.

  • Extended security codes – unique identifiers so contacts can verify devices
  • Automatic device verification – devices automatically trust each other without reregistering
  • Biometric authentication for linking devices – fingerprint of facial recognition to link devices
  • Device list – a visible list of devices can be monitored for use and logged out of remotely.

is your data secure?

Sadly, the best security technology in the world often can’t protect you from your biggest security threat – your own end users.

Human error, whether it be malicious intent or naïveté isn’t always in your control but having an effective set of company security policies and an automatic data backup system means that you have a backup plan to access data in the event of a system failure or cyberattack. We ask you – whatsAppening with your security?

Hackers | Message Mirroring Apps

Can Hackers use Message Mirroring Apps to Bypass Security?

Forty years ago, the world was a safer, and slower place. The internet was still in its infancy, and the need for online security would have featured low on a business’s to-do list. Fast forward to 2021, where online security, data storage and protection are now a priority and message mirroring apps another security concern altogether.

passwords vs 2FA

Most businesses make use of passwords as a means of protection but in this digitised environment a single password security system is all too easy to bypass.

Almost 80% of hacking-related breaches are attributed to weak and compromised credentials. Thus, the need for two-factor authentication (2FA) which provides an extra layer of security, which works in conjunction with your username and password.

However, as with everything internet related would-be hackers aren’t thwarted for long. Any hacker worth his weight in technical exploitation can develop ways of bypassing 2FA via the single access codes sent by SMS to a smartphone.

attack of the androids’

Hackers can also bypass SMS-based 2FA remotely by gaining access to the users email and password combination connected to a Google account. They then install a readily available message mirroring app onto the phone via Google Play.

This form of attack is made easy as people tend to be creatures of habit, using the same login details and passwords for many of their online services. Unfortunately, this type of online behaviour increases the risk of being hacked.

Once the message mirroring app is installed, the attacker reverts to good old-fashioned trickery and, posing as the service provider, influences the victim to grant the relevant app permissions. The hacker now has full access to their communications and SMS one-time passcodes used for 2FA.

Although there are several conditions to be fulfilled if this kind of attack is to work, it demonstrates that SMS -based 2FA methods do have their weaknesses. This form of attack doesn’t require much more than an above average knowledge of how apps work coupled with a bit of social engineering.

Imagine how real the threat if a trusted person with access to your smartphone orchestrated this type of attack.

how can you protect yourself from message mirroring apps?

  • Utilise a Password Manager – This makes your username /password more secure
  • Limit the use of SMS as a 2FA method – Use app-based one-time codes generated in apps such as Google Authenticator
  • Use dedicated hardware devices such as YubiKey– USB devices that enable 2FA across different services

Aside from using password managers and implementing alternative authentication methods, make sure that your data is backed up and stored securely in the cloud.

Mobile Apps – a threat to our digital privacy

Some would say that mobile apps pose a serious threat to our digital privacy. And surely anything that represents a threat should be quickly and effectively eradicated, especially when it comes to our privacy?

However, the suggestion of a world without Apps is sure to raise more than a few gasps. These nifty bite-sized pieces of software are easily downloaded onto our smartphones at the tap of a finger and quicker than you could make a cup of tea. And more often than not, downloaded without stopping to consider if the app could be a threat to personal information.

Responsible App Development

App developers following a ‘privacy by design approach should be aware of the laws that now govern and demand that a users’ data be protected irrespective of where they live on the globe. The complexities of being compliant with data protection laws in multiple countries can cause many a headache for the app developer though. The real concern is that developers often lack the technical understanding or interest to review privacy terms, and don’t actually speak the same ‘legalese’.

However, headaches aside, the responsibility of protecting the end users’ privacy is down to the developer from the moment they start to create the App.

While most apps have embedded technology that allows for the sharing of data with third-party platforms, privacy laws don’t do a particularly thorough job of ensuring that third parties abide by the compliance rules. Often, third parties have terms and conditions that push the responsibility of considering the user’s privacy upfront and onto the shoulders of the App developer.

This leaves App users unprotected, with the App developer legally liable for any misuse of data as determined by the Protection of Personal Information Act and the GDPR. Furthermore, App developers will ordinarily decide why and how the App collects data.

These protection acts make the App developer, the ‘data controller’ and thus responsible for the data’s use where ever it may end up.

If this information leaves you feeling vulnerable, the truth is you are and need to be implementing steps to safeguard yourself.

How an App Developer Needs to Safeguard Themselves

One of the seven foundational principles of the ‘Privacy by Design Approach’ is ‘Visibility and Transparency.’ By following this principle, App developers should be putting best practices into action to ensure they don’t face unforeseen legal liability.

A privacy by design approach for developers should follow the following principles:

  • Monitor developer platforms for security and privacy
  • Notify users of any data transfers to third parties
  • Provide easy to use privacy controls
  • Ensure that all privacy policies and procedures are documented, communicated, and assigned

In addition, app developers should always check the contract and third-party code carefully, ensuring that they are not saddled with all the responsibility.

Concerned about your Digital Privacy?

A few simple behavioural changes will ensure that you maintain security on your digital devices. Here’s our quick takeaway on how to protect your information online.

  1. Secure your accounts by using a password manager to save your passwords and generate different, complex passwords for all your accounts. Once setup you will end up with new passwords for all of your accounts.
  2. Protect your web browsing with a browser extension to block ads and the data that they collect.
  3. Use antivirus software to protect yourself from viruses and malicious software which can wreak havoc to your business and personal information.

Lastly, be sure to do regular online cloud backups for off-site data protection. Get in touch with us today for your free 30 day trial.