As smartphones and tablets become more common, companies are developing mobile apps for their employees and customers. In this guest post, Dean Vella offers some tips on how to keep those apps secure.
The proliferation of smartphones can only mean one thing: the proliferation of apps to use on those smartphones. Pure Oxygen Mobile estimates that there are more than 1.7 million apps now available at the four major app stores; the Google Play store leads with about 800,000 apps followed by the Apple store with roughly 775,000 apps.
The Federal Trade Commission (FTC) estimates that about 1,000 new apps hit the market every day, and a technology-hungry population is often quick to give them a spin on their devices. A March 2013 report from ABI Research projected that mobile and tablet users will download 70 billion apps in 2013. That equates to about 10 apps for every human on the planet.
For developers, the rapid growth in the number of apps available and their distribution channels has made secure coding a major priority. Programming experts recommend making security an integral part of each phase of development, from planning and design to launch and post-release support. A development team member should be designated as the point person for security – someone to ask questions and make sure all bases are covered.
Secure life cycle
A life-cycle approach to security means a few things. At the very basic level, it means developers should receive adequate training in writing secure code. The FTC also recommends that developers be familiar with securing software, data transmissions and servers. The quickly evolving world of security threats and best practices makes staying informed and up-to-date a sizable challenge, but a necessary one nonetheless. It may be advisable to consult app security experts or other developers to examine code for potential weaknesses.
The life-cycle approach also means incorporating security into an app’s design. T.L. Neff, executive vice president of global client services for Verivo Software, recommends designing apps to minimize the amount of sensitive data displayed in them or allowed in downloads.
In a November 2012 article for Wired, Neff used the example of an enterprise app that keeps sensitive data on the server side and limits its display to times when the authorized user is within the coverage area. Using graphical indicators instead of the data itself can also be a good idea, according to Neff. For example, a user’s birthday might be indicated by a small boxed icon instead of the actual date. Color coding can also be an effective replacement for actual data.
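The following is an added example of the server-side shaping Neff describes; it is illustrative code, not from the article or from Verivo Software. It assumes an employee record with a birth date and an account balance, a policy list of fields that must never reach the device, and a server-side "in coverage area" decision passed in as a flag. The server sends the app only indicators (a birthday icon flag, a balance colour, a first name) rather than the underlying values, and a release check refuses to serialise any payload that still carries a sensitive field.

```python
"""Server-side data minimization for a mobile view (added example, not from the article)."""
import json
from dataclasses import dataclass
from datetime import date

# Fields that must never leave the server in a mobile response (assumed policy).
SENSITIVE_FIELDS = {"full_name", "birth_date", "salary_band", "outstanding_balance"}


@dataclass(frozen=True)
class EmployeeRecord:
    employee_id: str
    full_name: str
    birth_date: str          # ISO date, e.g. "1990-06-15"
    salary_band: int         # 1 (lowest) .. 5 (highest); treated as sensitive
    outstanding_balance: float


# Constructed sample record; not a real person.
SAMPLE_RECORD = EmployeeRecord("e-1001", "Alice Example", "1990-06-15", 3, 120.0)


def balance_color(balance: float) -> str:
    """Colour-code the balance instead of sending the amount (thresholds assumed)."""
    if balance <= 0:
        return "green"
    if balance < 500:
        return "amber"
    return "red"


def build_mobile_view(record: EmployeeRecord, today_iso: str, in_coverage_area: bool) -> dict:
    """Return only the indicators the app needs to render.

    Raw values stay on the server. When the server decides the user is outside
    the coverage area (assumed to come from the session), even the indicators
    are withheld.
    """
    if not in_coverage_area:
        return {"employee_id": record.employee_id, "available": False}
    born = date.fromisoformat(record.birth_date)
    today = date.fromisoformat(today_iso)
    return {
        "employee_id": record.employee_id,
        "available": True,
        "display_name": record.full_name.split()[0],   # first name only
        "birthday_icon": (born.month, born.day) == (today.month, today.day),
        "balance_color": balance_color(record.outstanding_balance),
    }


def leaked_fields(payload: dict) -> set:
    """Release check: sensitive field names that made it into the payload."""
    return SENSITIVE_FIELDS & set(payload)


def serialize_for_client(payload: dict) -> str:
    """Refuse to serialise a payload that still carries sensitive fields."""
    leaked = leaked_fields(payload)
    if leaked:
        raise ValueError(f"payload leaks sensitive fields: {sorted(leaked)}")
    return json.dumps(payload, sort_keys=True)


if __name__ == "__main__":
    print(serialize_for_client(build_mobile_view(SAMPLE_RECORD, "2013-06-15", True)))
```

The point of `leaked_fields` is that the allow-list is enforced at the serialisation boundary, so a later change that adds a raw field to the view fails at test time rather than shipping the data to every handset.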
An important factor to remember is that many users rely on unsecured Wi-Fi networks in coffee shops, airports and offices to access their data and apps. Because such networks cannot be trusted to protect traffic, app designers should encrypt data in transit so that user names, passwords and other privileged data are not exposed along the way.
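As an added example of what "encryption in transit" means in client code (not code from the article), the block below uses Python's standard `ssl` module to build a client context that verifies the server certificate and hostname and requires TLS 1.2 or newer, refuses to send credentials to any non-HTTPS URL, and audits a context for the two settings that rushed builds most often switch off. The API host name is a placeholder; the weak context is constructed only so the audit function has something to flag.

```python
"""Transit-encryption guard for a mobile client's API calls (added example, not from the article)."""
import ssl
import urllib.request
from urllib.parse import urlparse


def build_tls_context() -> ssl.SSLContext:
    """Strict client context: verify certificate and hostname, TLS 1.2 or newer."""
    ctx = ssl.create_default_context()          # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def weak_context_for_comparison() -> ssl.SSLContext:
    """The shortcut seen in rushed builds: verification switched off. Built only to be audited."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False                   # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list:
    """Return findings for a context; an empty list means it is acceptable for credentials."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate verification disabled")
    if not ctx.check_hostname:
        findings.append("hostname check disabled")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("TLS versions below 1.2 allowed")
    return findings


def context_summary(ctx: ssl.SSLContext) -> dict:
    """Human-readable view of the settings the audit looks at."""
    return {
        "verify_mode": ctx.verify_mode.name,
        "check_hostname": ctx.check_hostname,
        "minimum_version": ctx.minimum_version.name,
    }


def is_acceptable_url(url: str) -> bool:
    """Only https URLs may carry user names, passwords or session tokens."""
    return urlparse(url).scheme == "https"


def ensure_https(url: str) -> str:
    if not is_acceptable_url(url):
        raise ValueError(f"refusing to send credentials over a non-HTTPS URL: {url}")
    return url


def api_opener_for(url: str) -> urllib.request.OpenerDirector:
    """Opener bound to the strict context; every request to the API goes through it."""
    ensure_https(url)
    handler = urllib.request.HTTPSHandler(context=build_tls_context())
    return urllib.request.build_opener(handler)


if __name__ == "__main__":
    # Placeholder host; no request is sent here.
    print(context_summary(build_tls_context()))
    print(audit_context(weak_context_for_comparison()))
    api_opener_for("https://api.example.test/login")
```

Running `audit_context` over the contexts an app actually constructs is a cheap pre-release check: on an untrusted coffee-shop network, a disabled hostname check or `CERT_NONE` is exactly what lets an interposed host read the credentials the app sends.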
The final phase in the life-cycle approach is to continue monitoring the performance of apps following their release. The FTC advises developers to read user feedback, which can often point to problems and vulnerabilities. Developers should also have a plan in place for deploying updates should they be needed.
About the author: This guest post was provided by Dean Vella who writes for University Alliance.