Don't Neglect Mobile App Security
Friday, 02 November 2018

As people become increasingly reliant on their smartphones and other mobile devices, it’s clear that mobile app development brings some fantastic opportunities to developers. It’s also crucial to develop your mobile apps with the importance of security at the forefront of your mind at all times.

Unsecured mobile apps provide ample opportunity for cybercriminals to conduct illicit activities and steal sensitive information. Consider that in many mobile apps, people input a wealth of information about themselves, such as names, addresses, phone numbers, and credit card details. One serious security breach can cause people to lose trust in your app, and a great idea can turn into a personal nightmare.

Traditional information security practices, such as anti-virus software and web application firewalls, fail to protect mobile apps and are only used within enterprises. The information security industry is having to evolve—this blog on information security highlights the latest news, insights, and innovations in cybersecurity, some of which you may find useful.

Additionally, here are five excellent data security resources you should know about to help protect your apps as you develop them.

1. Upwork Tips for Better Mobile Application Security


Upwork’s excellent mobile app security resource highlights eight really good tips, including prioritizing security from day one of development. Too often security becomes an afterthought, and this is where issues can start to creep in. Best practices within this tip include encrypting application code, attempting to balance security with performance and user experience, and not relying on app store approval to verify watertight security. 

From this single tip alone, developers get some excellent ideas, so check out the remaining seven tips in the article for more best practices on protecting your apps.

2. TechTarget's Guide to Mobile Application Vulnerabilities


TechTarget does a stellar job of explaining the most common sources of mobile application vulnerabilities. While it’s probably clear in your mind by now that security is crucial, it’s equally useful to know where the main vulnerabilities in mobile apps arise. TechTarget’s round-up of mobile app vulnerabilities covers issues such as storing application data as plain text, a lack of encryption, and data leaking from syncing with the cloud.

3. Testbytes 8 Important Steps To Secure Your Mobile App


This resource by testbytes is targeted towards developers and can be useful as a checklist or mini-guide to securing your mobile apps both as you develop them and post-development. The first step is to secure the code, which you can do by encrypting your code, using vulnerability scanners, and making it easy to port between devices and operating systems.

Another useful tip relates to protecting application data. The resource recommends creating encrypted containers for secure data storage. Other helpful recommendations include using OAuth2 and OpenID Connect for identification and authorization.

4. IBM Secure Mobile Application Development

This YouTube video features a talk by Tom Mulvehill, Senior Product Manager on the Application Security Product Management team at IBM Security. Tom speaks with expertise and insight on mobile app security, and covers several topics within the twenty-minute video. He talks about how mobile application security risks are growing, how mobile app security differs from web-based app security, and how development teams may introduce security risks into applications.

There’s also a useful discussion on addressing mobile app security risks early in the development cycle. Particularly if you develop mobile apps for an enterprise, the earlier you address vulnerabilities, the easier you can keep up with the fast-paced nature of modern development teams that emphasize agility.

5. TechRepublic How To Build A Secure Mobile App


There are several articles of this nature online, and some of the points overlap. However, TechRepublic’s version contains some additional useful insights. A particularly important point raised in this resource is the tip that advises developers not to rely on the safety of third-party dependencies. Developers often use freely available open-source components, such as libraries and frameworks, because they provide ready-made functionality to their apps. It’s important to be diligent about the third-party components that make it into your app. Make sure you trust your dependencies.

Other helpful tips in this resource include thinking like an attacker as you are writing your code, which helps you to get into the mindset of not overlooking potential vulnerabilities.

Conclusion

That wraps up this list of five security resources for protecting your mobile apps. By using the knowledge gleaned from at least some of these resources, you’ll be much better placed to build your future mobile apps to be as secure as you can make them. In this way, you won’t waste your developing talents and excellent app ideas on creating a really good app that suffers a serious security breach due to easily preventable vulnerabilities.

 
