CES is known as “the most influential tech event in the world – the proving ground for breakthrough technologies and global innovators.” The four day event brings companies around the world together to share their top of the line innovations from genetically engineered houseplants for air purification to a flying car; nothing is off the table and the new technology continues to surprise and excite consumers. Here are a few of my takeaways from the mobile app technology that came out of CES this year.
Ring™ Car Cam
Amazon’s security company designed a camera that helps detect break-ins and gives you the ability to check in with your car via the Ring App. You can also talk remotely with anyone near your car, or have it record whatever is happening nearby, in case you want a record during an accident. The device can also be used to record being pulled over by the police, which could potentially be helpful in civil rights cases.
- Cybersecurity Concern: The primary concern is how the company handles user data with its current technologies like its smart home and video doorbells. Now it wants to access another aspect of your life which is your car. Hackers have been known to infiltrate smart doorbells to harass or threaten people and they can potentially do the same for when you are driving resulting in car collisions or worse.
Neutrogena’s™ Updated Skin360 App
The app only requires the camera on your phone to get a deep, in-depth assessment of your skin. The images are analyzed using Neutrogena’s database of 10,000 other selfies from a range of age groups and ethnicities. The app also prompts you to take weekly progress photos and “As more data is tracked, NAIA will use machine learning to improve analysis and recommendations, getting more precise and intelligent,” said Michael Southall, the global research and development lead of Neutrogena Skin Tech.
- Cybersecurity Concern: A major concern with facial scans and access to your device’s camera is security and collecting biometric data without consent. Essentially, if an unauthorized person gets access to your facial biometrics, they can technologically recreate your biometric data and use it to access other more important content that may require facial recognition to access. To note, a consumer recently filed a class action lawsuit with Neutrogena’s parent company Johnson & Johnson claiming the company illegally collected and stored biometric information through its Neutrogena Skin360 skincare program.
Samsung™ Flex Hybrid
The new OLED panel can fold and slide in or out to alter its size. While this is just a concept, the OLED offers wider viewing angles, darker blacks, higher contrast and deep colors, the new Flex Hybrid screens appear to be primed for entertainment.
- Cybersecurity Concern: It can be an app developer’s nightmare. For one, the lack of a stable API in AOSP against which the devs would code, in turn means you now have to use Samsung-specific coding, updates, etc. and keep chasing after Samsung-specific changes. In addition, testing will be difficult since the standard emulators you get from AOSP wouldn’t have emulation for the new folding extras. A stipulation could be if the folding “features” become a standard part of AOSP, developer/product adoption would never pick up. With the folding phones, developers (including UI/UX teams) have to also navigate what to do when a sidebar pops out, the phone turns into a bigger window that may be a non-standard dimension, the user flips the phone, or when the user folds the phone, etc.
New technology is always fun and exciting but it also means a new opportunity and target for hackers. Here are a few security tips on how to protect your app’s data and privacy when it comes to new technologies.
- Use curated app stores when available
- Use a tool like Q-MAST to vet and scan all your apps privileges and privacy concerns
- Delete unneeded and unused apps
- Minimize personally identifiable information stored in apps
- Grant the least amount of privilege access to all installed apps
- Review location settings and grant the privilege of ‘only allow when app is in use’.
With Q-MAST, developers can integrate full automated mobile app security testing into their CI/CD pipeline to ensure a solid, secure final mobile app. A report is provided that shares threat details, remediation guidance and pass/fail evidence. Q-MAST digs deeper and tests more thoroughly and is capable of the depth and breadth of app testing required by the current market.