Aspects of analyzing the security and vulnerabilities of mobile applications

Authors: Makaryan Aleksandr Samvelovich, Karmanov Mikhail Aleksandrovich

Journal: НБИ технологии @nbi-technologies

Section: Innovations in computer science, computer engineering and control

Article in issue: No. 1, vol. 12, 2018.

Free access

This article examines how mobile applications protect their local data on devices running the Android and iOS operating systems. The following programs were investigated: the messengers WhatsApp, Viber, Telegram, WeChat and Signal. The analysis made it possible to define and classify the programs by their protection mechanisms, the types of data stored, the tools and technologies required, and the techniques for improving the protection of locally stored data. The research showed that locally stored application data on the device does not receive enough attention in terms of protection: in some cases this protection relies solely on the mechanisms of the device's operating system. For more reliable protection of an application's locally stored data, the following approaches need to be implemented in the application: encryption of the database as a whole and, separately, of some critical data within it by an additional layer of encryption; encryption of files that appear during program execution (media files, for example); coding and representation of data in the program using proprietary algorithms; the use of confusing names for critical files and data (the key file should not be called “key”, as in the case of WhatsApp), and data traps; encoding of the configuration files that contain sensitive information, to ensure the security of the data; moving the core cryptographic transformations into a separate plug-in library, so that studying the decompiled source code for these transformations becomes meaningless.


Security of applications, mobile devices, data protection, analysis, vulnerabilities

Short URL: https://sciup.org/149129745

IDR: 149129745   |   DOI: 10.15688/NBIT.jvolsu.2018.1.5

Scientific article