Monday, July 24, 2023

More Thoughts on Web/Mobile Apps

 

        A couple of weeks ago, I wrote some thoughts regarding my initial interest around web/mobile apps – you can read it here. I decided it was time to dig a little deeper and talk about opening a can of worms. Before I get into it, a note about the terminology I will use in this post that might differ from my others. Applications, commonly abbreviated to apps, are programs people use to accomplish tasks. The user-oriented task is that component that separates apps from other programs that may run in the background on a device (Van Sant, 2015). For this post, “computers” will refer to desktop and laptop-type devices, and “mobile” devices will cover smaller portable devices like smartphones and tablets.

        Okay, so “web/mobile apps” is far from just one thing. For some, “web” means that the application runs entirely in the device’s browser; for others, it means the application relies on an internet connection for any of its functionality. In contrast to apps that run in the browser, native apps are installed on the phone, but even some of these are repackaged internet browsers that only allow access to the publisher’s app. The term “mobile” also ranges from those native apps to web pages that use various strategies to be mobile-compatible while also serving computers (Serrano et al., 2013).

Native vs. Web Browser (Mobile Device)

Pros

Native App
- Built with the specific operating system, and sometimes the device model, in mind, so the app can take full advantage of specialized device features.
- The device-specific design allows for better focus on user interface elements, often resulting in a better end-user experience.

Web (Browser) App
- The primary compatibility focus is on browser standards, mainly HTML5, CSS, and JavaScript, allowing for use on a wide range of devices.

Cons

Native App
- Any update to device software may mean the app needs to be updated to match. The more specialized the app, and the more devices it is available on, the more often updates may be needed.
- iOS and Android use different programming languages for their apps, which must be developed and maintained separately.

Web (Browser) App
- Functionality is limited to what is available through the browser, though this has grown over the years.
- Design can rely on a “one size fits all” strategy, leaving some devices with poorly rendered user interfaces.

The web is only going to get bigger. It is hard to consider that something as currently prolific as the internet had its beginnings only 50+ years ago to share joint project information between government and educational organizations. Consumer usage increased around 30 years ago as CompuServe began offering email services over the Internet (Vahid & Lysecky, 2019). Reduced electronics costs and increased mobility let a wide range of people have access to the internet on demand. Any future I have with IT is absolutely going to require the ability to navigate and harness the web.

        Apps that handle consumer and/or business transactions would be responsible for passing important data over the internet. Before I do any future work in the web/mobile app space, I will need to grow my cyber security skills or partner with a cyber security expert. While I have an end-user’s awareness that cyber security is essential, I currently lack the skills to implement any kind of user or company protection in my app development.

        What about mobile vs. computer development? Over the past ten years, computer ownership has held steady in the mid-to-high 70s percent range, while smartphone ownership has risen from 20% to reach 72% (Alsop, 2022; Taylor, 2023). However, when looking at internet users between the ages of 16 and 64, mobile is the clear winner: “96.2% of people in this group own a smartphone. 63.1% have a laptop or a computer” (Petrov, 2023, section 11). Also, sales through mobile browsing account for 58% of e-commerce (Petrov, 2023). With mobile devices so prevalent among consumers, corporations must be interested in matching talent to this trend. While my current and limited experience is on computers, I am not against mobile apps and look forward to an opportunity to get some hands-on mobile app experience.

        Now that experience will come down to native vs. browser app. My current inspirations basically amount to fancy calculators, so I would not need the robust hardware access that a native app would give me. I have some experience with HTML5 and CSS, markup languages, so browser apps play into that strength, leaving me to delve deeper into JavaScript. If I go with trying to make a native app, like for my Android phone, I will have to learn a new programming language; Android Studio recommends Kotlin (Android Developers, n.d.). I would also need to consider my specific device for the short run while keeping in mind the functionality of future devices for the long run. While these are not insurmountable tasks, the browser route would be faster.

        Even then, this is all front-end considerations. A back-end architecture still runs on other languages to process user requests and retrieve information from relevant databases. This architecture is likely the same regardless of the front-end user’s device. I happen to have a little experience here with building reports off of databases using SQL connections in Microsoft’s Power BI platform. While this experience is far from being a full database engineer, at least I have some awareness.

In keeping with the discussion started in my earlier post, how does this wide range of web/mobile app affect my IT journey? Am I going to adjust my skill goals to best fit within the width and breadth of web/mobile apps?

Kind of.

I’m on this path because I’m chasing my passion and interests. Setting my goals only based on what I think can bring me personal profit will kill that passion. However, I can try to direct my interests, and certainly how I pursue those interests, in directions that bring my skill set into the web/mobile app realm.

Saturday, July 22, 2023

Network Threats and Security

 

Computers and supporting networks have become ingrained into nearly every aspect of American culture, from the public to the private, confidential, and even top secret. This scope of network usage makes Network Security of the utmost importance. The top impacts of corporate security breaches are extortion and data theft (IBM Security X-Force, 2023). As Check Point (n.d.) succinctly puts it, "Network Security protects your network and data from breaches, intrusions, and other threats" (p. 1). Network attacks can come in various forms, often mixing cyberspace attacks and social engineering.  

For our purposes in this post, a cyberspace attack will refer to any network attack that is primarily a digital-to-digital attack. A denial of service (DoS) is a type of cyberspace attack against a website or service. In a DoS attack, the attacker uses either an overwhelming volume of requests or specially formatted requests to overwhelm or crash a server, making it unable to process requests from legitimate users. The legitimate users being denied access to the service is the source of the term (Vahid & Lysecky, 2019). Generating a Ping of Death (PoD) is one method of DoS. Pings are Internet Control Message Protocol (ICMP) echo requests, a helpful tool used in general monitoring, maintenance, and troubleshooting of the network connection between two devices. A ping is corrupted into a PoD cyberspace attack by oversizing or malforming the IP packets so that the receiving system crashes when trying to reassemble the message. The threat of PoD is mitigated by checking the request parameters and filtering out the high-risk ones (Radware, n.d.). PoD is one example of an attack between network systems.
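As an added example (not from the original post), here is the parameter check that the PoD mitigation above comes down to, written in JavaScript: before a fragment of an IPv4 datagram is handed to reassembly, the receiver confirms that its offset plus payload length cannot push the reassembled datagram past the 65,535-byte maximum the IPv4 header can describe. The constants come from the IPv4 header layout; the fragment records and the function names are my own constructed samples.

```javascript
// Added example: a receiver-side sanity check for IPv4 fragments, the kind of
// parameter filtering that defeats a Ping of Death before reassembly.
// Constants come from the IPv4 header layout; fragment records below are
// constructed sample data, not captured traffic.

const IPV4_MAX_DATAGRAM = 65535;  // largest value the 16-bit Total Length field can express
const IPV4_MIN_HEADER = 20;       // minimum header bytes that must fit alongside the payload
const FRAGMENT_UNIT = 8;          // Fragment Offset counts 8-byte units
const MAX_FRAGMENT_OFFSET = 8191; // 13-bit field

// Byte position just past this fragment's payload in the reassembled datagram.
function fragmentEnd(fragment) {
  return fragment.offset * FRAGMENT_UNIT + fragment.length;
}

// A fragment is sane only if it is well-formed and the datagram it belongs to
// could still fit within the IPv4 maximum once the header is counted.
function isFragmentSane(fragment) {
  const { offset, length } = fragment;
  if (!Number.isInteger(offset) || offset < 0 || offset > MAX_FRAGMENT_OFFSET) return false;
  if (!Number.isInteger(length) || length < 0) return false;
  return IPV4_MIN_HEADER + fragmentEnd(fragment) <= IPV4_MAX_DATAGRAM;
}

// Classifies all fragments seen for one datagram. A single oversized fragment
// is enough to drop the whole datagram; nothing is ever assembled from it.
function classifyDatagram(fragments) {
  let maxEnd = 0;
  for (const fragment of fragments) {
    if (!isFragmentSane(fragment)) {
      return {
        verdict: 'drop',
        reason: `fragment at offset ${fragment.offset} would reassemble past ${IPV4_MAX_DATAGRAM} bytes`,
      };
    }
    maxEnd = Math.max(maxEnd, fragmentEnd(fragment));
  }
  return { verdict: 'accept', reassembledLength: IPV4_MIN_HEADER + maxEnd };
}

// Constructed samples: a normal ping split across three frames, and a
// malicious one whose last fragment lands far beyond the limit.
const NORMAL_PING = [
  { offset: 0, length: 1480, moreFragments: true },
  { offset: 185, length: 1480, moreFragments: true },
  { offset: 370, length: 40, moreFragments: false },
];
const OVERSIZED_PING = [
  { offset: 0, length: 1480, moreFragments: true },
  { offset: 8190, length: 1480, moreFragments: false }, // 8190 * 8 + 1480 = 67,000 bytes
];

console.log(classifyDatagram(NORMAL_PING));    // { verdict: 'accept', reassembledLength: 3020 }
console.log(classifyDatagram(OVERSIZED_PING)); // { verdict: 'drop', reason: '...' }
```

The check is deliberately applied per fragment rather than after collecting them all, so a host never allocates reassembly space for a datagram that can only be malformed; that is the difference between filtering a high-risk request and crashing on it.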

By contrast, social engineering is when network attacks focus on taking advantage of the human element in network systems. By focusing on the human vulnerabilities present in every computer system worldwide, attackers can bypass digital security to achieve their goals (Wang et al., 2021). The aim is to use deception to get an individual to reveal sensitive information or credentials, install malware, or commit fraud (IBM Security X-Force, 2023; National Institute of Standards and Technology, n.d.). While there are several ways to deceive people, IBM's X-Force (2022) found that 41% of all network attacks started with a Phishing scheme. Phishing is a play on the word "fishing," as social engineering will use bait to get the user to perform an action. This bait is usually an email intended to evoke an emotional response, commonly fear - "follow this link and log in to unfreeze your bank account" - or hope - "provide me this information or follow these steps and you will earn a large payout." When the target takes the bait, they click on a link that either downloads malware to their computer or takes them to a convincing yet fake login page where they hand their login credentials to the attacker (Wang et al., 2021). Corporations can implement software solutions that help reduce the effectiveness of social engineering. Most malware can be blocked by OS security policies that do not allow users to install programs. They can also implement multi-factor authentication, in which credentials are paired with another element, like fingerprints or one-time text pins, to allow access to a system (Indusface, n.d.). Many companies have also enabled consumers to use multi-factor authentication to protect their accounts. While these defenses undoubtedly help protect networks, social engineering remains effective and is likely here to stay.

Bad actors are likely to use a combination of cyberspace attacks and social engineering to achieve their goals. Bad actors can start with a Phishing scam that results in many casual computer users having some malware installed on their computers. This malware acts as a dormant bot, waiting on the host computer for an activation signal. These computers make up a network of bots referred to as a botnet. Upon receiving that signal, the botnet activates, flooding a service with requests from each member. With the botnet activated, suddenly, traffic increases by a drastic amount that the service is not designed to handle, and it crashes. This kind of DoS attack from a wider network of computers is called a distributed denial of service (DDoS) attack. While a DoS attack with its single source can simply be blocked upon detection, the distributed nature of the source of DDoS makes blocking bad traffic harder because you want to keep good traffic. Blocking everything still denies the service's functionality, which is a win for the bad actor. While protecting against botnet DDoS attacks is more challenging, it is not impossible. One DDoS defense is rate limiting, which blocks specific device requests after reaching a certain number (PingIdentity, n.d.). Bad actors can combine and layer social engineering and cyberspace attacks to harm networks or users in countless other ways.
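To make the rate-limiting defense concrete, here is an added example (my own code, not from the post or from PingIdentity) of a per-source sliding-window limiter replayed over a constructed request log. A normal client stays under the threshold and is never touched, while one botnet member that fires requests far faster is blocked once it reaches the limit. The limit, window size, and source names are illustrative choices.

```javascript
// Added example: per-source rate limiting of the kind the post names as a
// DDoS defense, replayed over a constructed request log. Each source gets a
// sliding window; once it has LIMIT requests inside WINDOW_MS it is blocked
// until old requests age out. Thresholds and names are illustrative.

const LIMIT = 20;        // requests allowed per source per window
const WINDOW_MS = 10000; // 10-second sliding window

class SlidingWindowLimiter {
  constructor(limit = LIMIT, windowMs = WINDOW_MS) {
    this.limit = limit;
    this.windowMs = windowMs;
    this.history = new Map(); // source -> ascending timestamps still inside the window
  }

  // Returns true if the request may proceed, false if the source is throttled.
  allow(source, nowMs) {
    const stamps = this.history.get(source) || [];
    // Drop timestamps that have aged out of the window.
    while (stamps.length && stamps[0] <= nowMs - this.windowMs) stamps.shift();
    if (stamps.length >= this.limit) {
      this.history.set(source, stamps);
      return false;
    }
    stamps.push(nowMs);
    this.history.set(source, stamps);
    return true;
  }
}

// Replays a time-ordered log of { source, tMs } entries and tallies
// per-source outcomes, which is also what a detection dashboard would show.
function replayLog(log, limiter = new SlidingWindowLimiter()) {
  const tally = {};
  for (const { source, tMs } of log) {
    const entry = tally[source] || (tally[source] = { allowed: 0, blocked: 0 });
    if (limiter.allow(source, tMs)) entry.allowed++;
    else entry.blocked++;
  }
  return tally;
}

// Constructed log: a normal client at one request per second for 15 seconds,
// and a bot member firing 60 requests 100 ms apart starting at t = 5 s.
function buildSampleLog() {
  const log = [];
  for (let i = 0; i < 15; i++) log.push({ source: 'client-A', tMs: i * 1000 });
  for (let i = 0; i < 60; i++) log.push({ source: 'bot-7', tMs: 5000 + i * 100 });
  return log.sort((a, b) => a.tMs - b.tMs);
}

console.log(replayLog(buildSampleLog()));
// { 'client-A': { allowed: 15, blocked: 0 }, 'bot-7': { allowed: 20, blocked: 40 } }
```

This shows both the strength and the limit of the technique the post describes: a single noisy source is cut off without affecting the legitimate client, but a botnet whose members each stay under the per-source threshold still adds up to a flood, which is why per-source limits are paired with global capacity limits or upstream traffic scrubbing in practice.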

This post only touches the tip of the iceberg regarding cyberspace attacks, social engineering, and network security. Network attacks will come in various forms depending on the attackers' goals and means. Network security is a balance of protecting sensitive information and systems from bad actors while still allowing access to those who need it.