Friday, May 9, 2008

Security for mobile applications

Security capabilities differ considerably depending on the channel used. By channel I mean the technology used for the user interface and the communication mechanism to the back-end application. Some channels allow for no encryption at all and are deemed to be very insecure. A standard text SMS is such a channel: the text cannot be encrypted, so entering a password in an SMS is not a good idea. SMS messages use a store-and-forward protocol and thus can be intercepted and changed. In addition, they are left in the 'Sent Messages' list on the user's phone. More secure channels, such as the SIM Browser solution from Gemalto and Smarttrust, allow for data encryption within the SIM card of a GSM mobile phone. The encryption normally uses 3DES and a secure key resident on the SIM card. This makes the channel extremely secure, as the encryption is performed within hardware components. For the MTN Banking service run by the MTN mobile operator, a Mastercard PIN is entered on the mobile phone.

1 comment:

Subbu said...

good one ... thx for the post Mobile Applications