10 tips for better mobile application security

Opinion by Maria Redka

No matter what services your app provides, data security should be a priority

Digital technology makes our lives so much simpler in many ways. There are so many things we can do with a smartphone, such as order different products and services, communicate with the world and pay for anything we would like to purchase.

Storing a lot of information on a tiny device that fits in your pocket is convenient. Yet, such convenience has some risks to it. People share too much sensitive data with a wide range of services and devices. Security breaches, followed by lawsuits, appear here and there. They cause huge monetary losses and undermine trust in the safety of mobile applications.

No matter what services your app provides, data security should always come first. Here are ten ways of securing mobile applications.

1. Secure Your Code
Ideally, the app securing process starts simultaneously with the coding process. Developers should secure their code in the application right from the start. Unlike web apps, whose security often depends on servers, native mobile apps are stored directly on a user’s device. Don’t give malicious actors a chance to hack them. Encrypt the source code of your app. Quality assurance should test the app during the development process to ensure there are no security gaps or errors that might lead to a data leak.

2. Run the Tests
Test-driven development is something that should never be compromised because of an approaching deadline. Make sure to test your app at every stage to eliminate every small issue that emerges before it turns into an avalanche that breaks the whole product. Penetration tests can help you discover gaps and weak points that can be fixed easily and quickly during the development process, but can lead to major issues if left unattended.

3. Secure the API
The app API is one of the most important parts of a mobile application, and it can also be one of the most vulnerable parts of the product. Every app must receive an API permission key before it can interact or make changes on the platform you’re working on. You can do more for your app security by incorporating an API gateway. It will tighten the security of your mobile app further.

4. Stop Unintended Data Leakage
Unintended data leakage is one of the major security issues in mobile apps. Nearly every app asks a user for permissions before the installation even starts. To never compromise the safety of your users, restrict the app data resources, encrypt the app data, tokenise the most sensitive data, and make sensitive information as hard to track as possible. It is a good idea to place alerts to the user in places where the sensitive data is likely to leak so they can take the needed precautions.

5. Hire a Security Team
One of the best things you can do to secure your mobile app is to hire a security team from the very start. By allocating sufficient resources to security, you will get a dedicated team of specialists taking care of the product safety for every involved party. They should plan all the security measures that need to be taken in case of an error, security breach or similar issues. In some cases, it is not possible to prevent a security threat, but it’s still important to be able to deal with the situation quickly and effectively.

6. Inform Users How to Protect Their Devices
Even when you do everything right on your side, a user can still pose a security threat to their own information. Inform your app users about the threats of a jailbroken or rooted device. Tell them that apps downloaded from unverified sources can steal their personal and financial information. It seems obvious to a developer, but a regular smartphone user might not know it.

7. Impose Access Policies
As a developer, you can facilitate the security of your application by using exclusively secure libraries and frameworks. During the app development process, make sure that the app follows the company’s policies and guidelines as well as local regulations. Google Play and App Store also have security regulations that every app uploaded there should comply with.

8. Use Cryptography Techniques
It is a good idea to use the latest cryptography techniques to protect your mobile application. If you use cryptographic algorithms like MD5 and SHA1, we have bad news for you: they have already proven to be inadequate in the face of modern digital security threats. Thus, it is not enough to implement a security algorithm during the development phase. You should periodically bring the latest security algorithms into the live product.
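One way to update algorithms in a live product, shown as an added example that is not part of the original article: a credential store that still verifies legacy MD5 records but re-hashes them with PBKDF2-HMAC-SHA256 after the next successful login. The record format, function names and iteration count are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune to your hardware


def _pbkdf2(password: str, salt: bytes, iterations: int) -> str:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()


def hash_current(password: str) -> str:
    """Create a record in the current scheme: alg$iterations$salt$digest."""
    salt = os.urandom(16)
    digest = _pbkdf2(password, salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest}"


def hash_legacy_md5(password: str, salt: bytes) -> str:
    """Legacy salted-MD5 record (alg$salt$digest), here only to build old rows."""
    return f"md5${salt.hex()}${hashlib.md5(salt + password.encode()).hexdigest()}"


def verify_and_upgrade(password: str, record: str):
    """Return (ok, new_record).

    new_record is a replacement to store when the password was correct and
    the existing record uses an outdated algorithm or work factor.
    """
    alg, *fields = record.split("$")
    if alg == "md5" and len(fields) == 2:
        salt, digest = bytes.fromhex(fields[0]), fields[1]
        expected = hashlib.md5(salt + password.encode()).hexdigest()
        ok, outdated = hmac.compare_digest(expected, digest), True
    elif alg == "pbkdf2_sha256" and len(fields) == 3:
        iterations, salt, digest = int(fields[0]), bytes.fromhex(fields[1]), fields[2]
        ok = hmac.compare_digest(_pbkdf2(password, salt, iterations), digest)
        outdated = iterations < PBKDF2_ITERATIONS
    else:
        return False, None  # unknown scheme: fail closed
    # Re-hash only after a successful login, when the plaintext is available.
    return ok, (hash_current(password) if ok and outdated else None)
```

Tagging every record with its algorithm and parameters is what makes the later upgrade possible without forcing a password reset for all users.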

9. Implement High-Level Authentication
Weak user authentication is a reason behind many security breaches. High-level authentication can help you secure your application better. Encourage users to set strong passwords, give hints on how to store their passwords properly and warn them about common threats that might not be evident to them. As a developer, you can make an app accept only strong alphanumeric passwords and encourage users to update their passwords periodically.

10. Warn Your Users
There is a lot you can do to ensure the security of your users within your app. However, there are still cases when the security of a user’s data does not depend on the app developer. For this reason, we recommend that you warn your users about possible security threats you cannot prevent. Tell them about jailbroken devices, offer some tips on how to prevent such threats and explain what to do in case such a thing happens. It will improve your image in the customer’s eyes and give your users an opportunity to be more careful with their data.

Final Thoughts
A number of high-profile data leaks showed that securing mobile applications is a must. By taking care of the safety of the app users from day one, you take care of your reputation and safety as well. Even a single mobile app security breach can undermine a user’s trust and loyalty once and for all.

Contributed by Maria Redka, technology writer at MLSDev.

*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media UK or Haymarket Media.
