Tips to Improve Your Mobile App Security
Ten years ago we may have asked, “How did we even exist without the internet?”
Now the same can be asked about living without our mobile devices.
Mobile devices provide us with the benefits of the internet from the convenience of our own bathtub, beach or BBQ.
They let us do our banking, improve our fitness, talk to friends 10,000 miles away, shop, play games, and even work from pretty much anywhere on the planet. Driving this high level of convenience and productivity are a multitude of mobile apps—software that connects to APIs and servers around the world to deliver data, products, services, and value to their users.
But, according to UpWork, this all has to happen under a cloak of well-engineered security. Otherwise, companies risk jeopardizing their apps, their own system, their customers’ information, and their own reputations. That’s because where digital activity thrives, online and mobile hackers are never far behind.
Apps and mobile devices are big targets for malicious activity. Arxan Technology’s 2016 State of App Security Report shows that 90% of apps surveyed had at least two out of ten of OWASP’s major security risks. Arxan also reported that around 50% of organizations haven’t allocated any spending toward mobile app security—a pretty big discrepancy when you consider the risks of not securing a mobile app.
Against an unsecured mobile app, attackers can:
~ Inject malware into apps and onto devices where it can access data, store keystrokes, and steal screen lock passcodes.
~ Tamper with or copy your app’s code and reverse-engineer a spoof app containing malware.
~ Intercept sensitive information traveling over the airwaves.
~ Steal customer data for identity theft or fraud purposes.
~ Get hold of intellectual property and private business assets.
~ Access your IP or compromise your company’s back-end network.
WHAT CAN YOU DO TO SECURE YOUR MOBILE APP?
~ Protect app code with encryption. You want the code to be secret and hard to read. Obfuscation and minification are common measures, but they’re not enough. Stick with modern, well-supported algorithms coupled with API encryption.
~ Test code for vulnerabilities, or run source code scanning. Hardened, secure app code should be portable between devices and operating systems, and be easy to patch and update. You don’t want users stuck without an update after a breach, so engineer code to be as agile as possible.
~ Keep in mind things like file size, runtime memory, performance, and data and battery usage when adding security to an app. You want it to be secure, but not at the cost of performance and user experience.
~ It’s easy to rely on an app store’s approval as proof that your app is secure, but that would be a mistake. Apps have to be tested and approved, but app store approval processes aren’t infallible: some unsafe native apps have been approved in the past.
If your app takes payments, it must comply with the rules and regulations of the Payment Card Industry. Hackers are moving from online to mobile just like everyone else. It’s not a matter of if, but when, hackers will access unsecured apps. Companies like Trust Guard can provide app developers with the malware and vulnerability scans they need to stay one step ahead of online and mobile threats.
Thanks UpWork for your article on this subject.