Are your mobile apps a digital reflection of you?

  • Validating mobile app security is a complex, yet critical process.
  • Mobile apps should be designed and integrated with security in mind.

This morning, after I used the weather app, the alarm clock app, and the navigator app to get to work, I realized my phone has become a digital reflection of me!

While we often think of mobile apps as strictly for fun or convenience, many are for serious business. And as apps often rely on contact information, photos, and location, they can be vulnerable to digital snoops, data breaches, and real-world thieves. Work-related apps are important tools and critical in terms of corporate security. If your employees are using mobile applications, or if you’re creating them for your customers, you must verify the application’s security.

Why mobile application security?

Approximately 90% of top mobile apps have access to local files that can contain sensitive customer data, corporate intellectual property, and personally identifiable information. Industry analysts now recommend mandatory security testing and remediation of all enterprise mobile applications, including internally-developed and third-party applications and mobile applications downloaded from unverified sources.

Exploiting software security holes

It’s vital that secure software development best practices are consistently applied, including to software written for mobile platforms. Many potential exposures and effects can result from poorly written or malicious applications, such as privacy violations that expose your organization to litigation and loss of customer trust, along with data exfiltration attempts that seek to copy and transfer sensitive data without detection.

Approaching application security

Validating the security of mobile applications is a complex, yet critical process. Granted, it can be labor intensive and time consuming when development schedules are tight and staffs are lean, but ideally the application should be vetted through both dynamic and static software code analysis to find security flaws. Evaluating how the application interacts with the device and other applications on the mobile platform, and how it stores any local data, is critical to catching security issues before they reach the production environment.

Finally, it’s important to formulate a plan for how you will protect data shared with an expanding ecosystem of partners and suppliers, as well as how you will recover from a security breach outside your organization.

Pushing the security envelope

The influx of personally-owned mobile devices – and third-party applications entering the corporate environment via those devices – will continue to impact the operations of organizations. Deploying software specifically designed for mobile platforms will also continue to be a central part of IT strategy.

To minimize enterprise risks, applications must be developed and tested in accordance with widely recognized best practices for secure software. Mobile applications should be written to run with the minimum set of permissions required, and tested thoroughly prior to publishing.

The bottom line: don’t approach security as a set of controls you put in place after apps are deployed. You’ll get better security through a life-cycle approach where you design and test with security in mind. Talk to us about a mobile application security assessment to better understand your app and its risky behavior.

Bindu Sundaresan, Strategic Security Solutions Lead, AT&T