When Developers Hijack your Code… How to Prevent Malicious Activity

January 3, 2022

Posted by: DevDigital

One of the great disasters that can befall a software development project is to have an angry developer hijack your code by refusing to turn it over. This rare but potentially disastrous event can be handled in a couple of ways, in theory. The best coping strategy is to prevent a situation where your software project could be ruined by an angry programmer. If code gets hijacked or sabotaged, it might just be possible to recover it too. 

Prevention Measures 

Whenever the code you are paying for is under one person’s control there is a risk of loss. Your IT department can implement several measures to reduce the risk of having a development effort ruined by hijacking or sabotage:  

  1. Control the source code – The single most important prevention step you can take is probably to make sure all of the code resides in a repository that you control.  
  2. Use your own app store account – If you control access to the app store, you avoid a situation where a key person just walks away without sharing their account information.  
  3. Control hosting and testing accounts – Don’t let the only copy of your code end up in a disgruntled programmer’s Azure or AWS account. Avoid this by insisting that all development and testing take place on a company-controlled account.  
  4. Domain names need to be in your name – If someone else controls your domain name they can hold it hostage.  
  5. Limit account access – Never, ever give developers unrestricted access to your hosting, data warehouse, and so on. 
  6. Be quick to remove access – If your relationship with a developer goes sour, they need to be cut off from access to everything concerned with development or hosting.  

Assuming you’ve vetted your development hires and created a professional working environment, your risk of loss can be minimized by one key strategy: Make sure you maintain control of the code, databases, APIs, app store accounts, and anything else needed for the software to work.  

Sometimes, a developer or hacker injects malicious code into a Website. These hacking attacks expose your login information, financial records, and other data to third parties. If this happens, cleaning up your site can take a good deal of scanning, debugging, and editing to secure the site and repair any damage. Again, there are security measures available to reduce this sort of hijacking risk. As with protecting yourself from a disgruntled developer, prevention is better than treatment.  

What Can Happen When Prevention Fails 

Without getting too technical, sometimes your developers can recover all or most of the code, and sometimes they can’t. The code that runs many Web pages and Web apps, for example, is easy to get. While this is a labor-intensive job, you can rip most of the source code off a website. There’s more work involved but that’s the basic idea.  

Some programming gets broken down into zeros and ones. Skilled programmers can turn that binary code back into a recognizable computer language, maybe. DevDigital CTO Michael Hunt says this is a long shot in real life though. You might come out ahead by simply paying to recreate the software.  

Software development can be fraught with challenges. You can avoid or overcome those challenges by simply working with the experts at DevDigital. We have completed over 2000 projects including mobile apps, Websites, and custom enterprise-level software. Get in touch today so we can discuss your software development plans. 
