The BBC reports that one of the silliest and least useful apps of all time – a messaging service called Yo – has major security flaws. That's not really accurate. To say that Yo has "security flaws" is a bit like saying the Titanic just sprang a leak.
College hackers were able to get the app to reveal any user's phone number, send push notifications to any user, spam users, and spoof messages. In other words, pretty much every feature of this mobile messaging app had a major flaw.
Perhaps we shouldn't be too harsh on the messaging app, if you can call it that. It only took the founder eight hours to code and has one function: users can send their friends the message "yo." That's it.
Sure, the app might seem pointless to you, but it actually raised $1 million in seed funding from Silicon Valley entrepreneurs, has hundreds of thousands of users, and reached the top-selling spot in Apple's app store. During Yo's meteoric rise, it even spawned a spinoff that messages "yo" to users every time a goal is scored at the World Cup. Though the app might be silly, there's real money on the line and significant data risks for its users.
Yo Trouble Could Be Your Trouble: A Study in Mobile Liability
How did Yo's founder find out about his program's security flaws? Well, he got a text message from the Georgia Tech college students who were able to access his phone number after hacking the mobile app.
The sudden security questions surrounding the app drive home a point that many IT professionals have long been making: security must be incorporated throughout development, not tacked on at the end.
We've seen this lesson time and time again. Our blog post "The Tech Startup Data Problem: Hacking as a Rite of Passage?" shows how security concerns plagued Snapchat and WhatsApp. As apps grow in popularity, any fundamental security flaws become apparent, exposing thousands (or millions) of users to a data breach.
Let's look more closely at mobile development liability and other security takeaways for small-business IT professionals.
Understanding Mobile Data Risk: Avoid Yo's Security No-Nos
On this blog, we've covered how valuable mobile development can be for small businesses (see "Internet Marketing & Digital Advertising Professionals: The Value's in Mobile"), but all this new value comes with substantial lawsuit risk. Here are some of the new IT liabilities that have accompanied the boom of mobile apps and mobile-friendly workplaces.
- BYOD risk. Sure, the Yo app is silly, but what if a client's employee had it on their phone? By exposing their data, a flawed app could compromise the employee's data security. If their phone is breached and the employee uses it on the client's network, it could expose the company's data to an attack.
- Third-party risk. If you recommend a mobile app or SaaS for your clients, you can be liable if that app has a security flaw. It's strange to think that you could be liable for another company's product, but that's the risk that many IT consultants face. You can be sued if an app causes a data breach, loses your client's data, or has other problems.
- Financial risks. Data breaches, security flaws, or other mobile problems all come with a price tag. If your client loses productivity or has to suspend operations, they could sue you for lost revenue. If a client suffers a data breach, they may look to recoup those expenses by suing their IT contractor.
Insurance for mobile developers or IT project managers can protect them from the cost of data breach lawsuits and other lawsuits over the quality of their work or the apps they recommend.
To cover your IT business, you can get Errors & Omissions Insurance, which protects you from the costs of IT lawsuits. See our sample insurance quotes for IT contractors to learn more about your coverage options.