Essential Guide

Enterprise architects' guide to success with mobile apps for business

A comprehensive collection of articles, videos and more, hand-picked by our editors

Where does security come into play with mobile app trends?

As more people gravitate toward mobile devices to access personal data, security needs have risen to be among the major mobile app trends.

In 2014, mobile app security will be hard to peg down, because the rush to get new mobile apps will foment rapid development and release. Expect to see security problems as developers yield to the temptation to focus on features and neglect security, said Andrew Kellett, principal analyst, Ovum Research. Another research firm, Gartner Inc., predicts two-thirds of mobile applications will fail basic security tests between now and 2015.

Keeping mobile apps and the data therein secure will require constant up-front work in development, as well as constant vigilance of software technology and mobile device trends. In particular, watch trends in user authentication, biometrics, voice, fingerprint access and usage patterns, said Kellett. In this article, he and mobile security experts Domingo Guerra and John Overbaugh examine mobile app trends and usage that spell trouble.


Developers who rely on third parties to manage login credentials should pay special attention to the massive security breach and mobile app trends, some industry insiders say. Hackers who obtain login credentials for websites like Facebook and Twitter can potentially gain access to users' applications, according to Guerra, president and co-founder of Appthority, a company specializing in application risk management.

"Because of the growth in social media SSO [single sign-on] in the app ecosystem, an estimated 60% or more of the top apps leverage social media SSO and let their users log into the app with other accounts such as Facebook and Twitter," Guerra said. "Most of the use of social networking SSO is actually to facilitate social interaction, but by having the user log into an app with a Facebook account, the developer also gains instant access to some of the user's Facebook information."

Mitigating mobile security risks

Secure coding techniques have emerged over the years, Kellett noted, that have been effective and need to be applied to the mobile environment. "Quite a lot of folks are still at the stage where they are developing apps from the home office or the garage environment," he said. "There isn't anyone looking over their shoulder to make sure their techniques are up to standard and appropriate."


Reducing security risks in the development phase boils down to education and applying basic security controls, bringing in qualified help and using a qualified penetration tester, according to Overbaugh, managing director, Caliber Security Partners. "It is almost as easy to write secure code as it is to write insecure code -- you just need some education," he said.

While taking such actions cannot completely eliminate the chance of a security breach, they will make it more difficult for unauthorized parties to wreak havoc on an application. "Right now there are so many mobile applications out there with gaping holes that if people try to find the top five or 10 mobile security weaknesses and don't find them in your application, they are very likely to move on unless you are a target of choice, rather than a target of opportunity," Overbaugh said.

While somewhat annoying for consumers, having authorization tokens expire at a higher frequency can also reduce the likelihood of credentials becoming compromised, according to Guerra. Another helpful, yet often overlooked step developers can take is to use HTTPS. "Developers should always encrypt traffic, especially when transmitting auth-tokens and user credentials," he said.
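The two measures Guerra describes, short-lived tokens and HTTPS-only transmission of them, sketched in Python as an added example (not code from the article or from Appthority). The signing key, the 15-minute lifetime, the token layout and all function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import time
from urllib.parse import urlsplit

SECRET = b"constructed-demo-key"  # constructed value; keep the real key in a secret store
TOKEN_TTL = 15 * 60               # assumed lifetime in seconds (15 minutes)

def b64e(data):
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(body):
    return b64e(hmac.new(SECRET, body.encode(), hashlib.sha256).digest())

def issue_token(user, now=None):
    """Server side: bind the user to an expiry time and sign both."""
    now = time.time() if now is None else now
    claims = {"sub": user, "exp": int(now) + TOKEN_TTL}
    body = b64e(json.dumps(claims).encode())
    return body + "." + sign(body)

def verify_token(token, now=None):
    """Return the user name, or None if the token is forged, malformed or expired."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
        # Check the signature before trusting anything inside the body.
        if not hmac.compare_digest(sig, sign(body)):
            return None
        claims = json.loads(b64d(body))
        return claims["sub"] if now < claims["exp"] else None
    except (ValueError, KeyError, TypeError):
        return None

def auth_headers(url, token):
    """Client side: attach the token only when the request goes over HTTPS."""
    if urlsplit(url).scheme.lower() != "https":
        raise ValueError("refusing to send auth token over a non-HTTPS URL")
    return {"Authorization": "Bearer " + token}
```

A stolen token stops working once `exp` passes, which is the trade-off against user convenience the paragraph describes.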

Security and mobile app trends

Rapid application version changes will cause problems if not managed well, according to Kellett. For example, poor version control protects customers from fake apps. "It's important to be able to prove that there are real versions in the app store and indeed the version the developer made hasn't been tampered with between leaving them and being received and accepted," he said.

Bottom line, mobile app security is something developers need to act upon now. "It doesn't matter what hackers are trying to do -- if you can lock down your app they can try everything under the sun," Overbaugh said. "It's a cat-and-mouse game right now. The developers, especially for the mobile platform, are woefully behind and not paying any attention to catching up."

About the author:
Maxine Giza is the associate site editor for SearchSOA.com and can be reached at mgiza@techtarget.com.


This was first published in December 2013
