Tips For Better Mobile App Security

Tips For Better Mobile App Security by Melissa Crooks.  Available from <http://www.businesszone.co.uk/community/blogs/melissacrooks/tips-for-better-mobile-app-security> [Feb 24, 2017]

Mobile devices let us do almost everything online—from anywhere, and at any time. We can now do our banking, control Internet of Things devices, track our fitness, shop, and work remotely. Driving this productivity are various mobile apps—software that links to servers and APIs around the world and delivers services, data, and, ultimately, convenience and value to users.

Apps and smartphones are targets for malicious activity. Attackers can:

  • Insert malware into applications and devices. It can then access data, log the user’s keystrokes, and steal their screen lock passcodes.
  • Alter or copy your application’s code and reverse-engineer it into a spoofed application containing malware.
  • Intercept sensitive information in transit over the air.
  • Steal data for fraud or identity theft purposes.
  • Get hold of private business assets and intellectual property.
  • Access your IP and compromise your firm’s back-end network.

Mobile applications and the APIs that control them can make data and systems vulnerable if they are not properly secured.

How app developers can protect their apps

If you’re building an app, chances are you have already stopped to think about how to secure the app, its data, and your customers’ data.

1. Secure the app code

Just like any software project, your mobile software’s security has to be a priority. Many vulnerabilities can lie in the app’s source code, but that is not where companies focus their security spending.

Protect the app code with encryption. The code should be secret and difficult to read. Minification and obfuscation are common measures, but they are not enough on their own. Use modern algorithms along with API encryption.

Test code for vulnerabilities, and run source code scanning. Keep in mind things such as runtime memory, file size, performance, data and battery usage as you add security to your app. You want the app to be secure, but it shouldn’t be at the expense of user experience and performance.

2. Secure network connections on the app’s back end

Cloud servers and servers that the app’s APIs are accessing should have security measures to protect data and also prevent unauthorized access. Containerization is one method of building encrypted containers for storing your documents and data securely.

Get a network security specialist who will conduct vulnerability assessments and penetration testing of your network to make sure the data is always protected.

Database encryption and encrypted connections (over a VPN, or SSL/TLS) add extra security.
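To make the "encrypted connections using TLS" advice concrete, here is an added example (not code from the original post) showing the weak client-side TLS configuration next to the hardened one that an app’s back-end calls should use, plus a small pre-flight check a developer can run in their test suite. The function names and the optional pinned CA bundle path are assumptions for illustration; the hardened settings are standard Python `ssl` module calls.

```python
import ssl


def insecure_context() -> ssl.SSLContext:
    """The weak configuration: certificate and hostname verification switched off.
    Shown only as the anti-pattern to compare against; never ship this."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE  # accepts any certificate, so interception goes unnoticed
    return ctx


def hardened_context(ca_bundle_path=None) -> ssl.SSLContext:
    """Client context for the app's API calls: verified chain, hostname check,
    TLS 1.2 minimum. ca_bundle_path (hypothetical) optionally pins the app's own CA."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True by default
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse SSLv3/TLS 1.0/TLS 1.1
    if ca_bundle_path:
        # Trust only the app's own CA bundle instead of the whole system store.
        ctx.load_verify_locations(cafile=ca_bundle_path)
    return ctx


def is_hardened(ctx: ssl.SSLContext) -> bool:
    """Pre-flight check: True only if the context verifies the peer, checks the
    hostname, and refuses protocol versions older than TLS 1.2."""
    return (
        ctx.verify_mode == ssl.CERT_REQUIRED
        and bool(ctx.check_hostname)
        and ctx.minimum_version >= ssl.TLSVersion.TLSv1_2
    )
```

Passing `hardened_context()` (or the socket it wraps) to the HTTP client the app uses means a server presenting an untrusted or mismatched certificate is rejected before any data is sent; the `is_hardened` check is the kind of assertion worth keeping in the app’s unit tests so a debugging shortcut like `insecure_context()` cannot slip into a release build.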

3. Put identification, authorization and authentication measures in place

If the app relies on a third party’s API for functionality, be cautious: you depend on their code for safety. Make sure the APIs that your app uses provide access only to the parts of the app that actually need it, to minimize vulnerability.

OAuth2 is a gold standard; it is used for managing secure connections through user-specific tokens and one-time tokens. JSON Web Tokens (JWT) are lightweight and well suited to mobile security.

OpenID Connect, on the other hand, is a federation protocol designed for mobile. It lets users reuse their credentials across multiple domains using an ID token, so they do not have to register at each point.

4. Have a strong API security strategy

Since mobile development hinges squarely on APIs, a huge portion of securing apps is securing the APIs. There are three main security measures that make up a well-planned API security stack: authentication, identification, and authorization.
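The three measures just named (authentication, identification, authorization), together with the JWT recommendation from section 3, in working form: an added example that is not part of the original post and not tied to any product. It is a back-end API handler that validates a Bearer JWT before serving a request. It assumes HS256 signing with a shared secret (a constructed example key, not a real one), a space-separated `scope` claim, and hypothetical function names (`issue_token`, `verify_token`, `handle_request`). `issue_token` exists only to produce realistic input for the verification path.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed example secret for the hypothetical back end; real keys come from a secrets store.
API_SIGNING_KEY = b"example-hs256-secret-do-not-use-in-production"


def b64url_encode(data: bytes) -> str:
    # JWT segments are base64url with the '=' padding stripped.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    # Restore the stripped padding before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def issue_token(subject, scopes, ttl_seconds, key, now=None) -> str:
    """Mint an HS256 JWT with sub/scope/iat/exp claims (constructed input for the checks below)."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": subject, "scope": " ".join(scopes), "iat": now, "exp": now + ttl_seconds}
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode()) for part in (header, payload)
    )
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return f"{signing_input}.{b64url_encode(sig)}"


def verify_token(token, key, required_scope, now=None) -> dict:
    """Authenticate (signature + expiry), identify (sub), authorize (scope).
    Raises ValueError naming the failure; returns the verified claims on success."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    # Pin the algorithm on the server side; never let the token choose it (alg=none, key confusion).
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    # Constant-time comparison so the signature check does not leak timing information.
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))  # only parsed after the signature holds
    if "exp" not in claims or now >= int(claims["exp"]):
        raise ValueError("token expired")
    if not claims.get("sub"):
        raise ValueError("missing subject")
    if required_scope not in set(str(claims.get("scope", "")).split()):
        raise ValueError("insufficient scope")
    return claims


def handle_request(authorization_header, required_scope, key, now=None):
    """Minimal API endpoint: returns (HTTP status, body) for a Bearer-authenticated request.
    Authentication failures map to 401; a valid but under-privileged token maps to 403."""
    scheme, _, token = authorization_header.partition(" ")
    if scheme != "Bearer" or not token:
        return 401, "missing bearer token"
    try:
        claims = verify_token(token, key, required_scope, now)
    except ValueError as err:
        return (403 if str(err) == "insufficient scope" else 401), str(err)
    return 200, f"hello {claims['sub']}"


if __name__ == "__main__":
    tok = issue_token("user-42", ["orders:read"], 300, API_SIGNING_KEY)
    print(handle_request("Bearer " + tok, "orders:read", API_SIGNING_KEY))   # (200, 'hello user-42')
    print(handle_request("Bearer " + tok, "orders:write", API_SIGNING_KEY))  # (403, 'insufficient scope')
```

The order of the checks is the point: the algorithm is fixed by the server, the signature is verified with a constant-time compare before the payload is trusted, expiry is enforced, the `sub` claim identifies the caller, and only then is the `scope` claim consulted to authorize the specific operation. A token signed with a different key, an `alg=none` header, or a tampered payload all fail before any claim is acted on.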

Mobile is where users are, and where attackers lurk to collect sensitive information. With a solid security strategy, web development companies can secure their apps.
