The Importance of Mobile App Security

The overall quality of an app relies on a number of factors, including the User Experience (UX) and User Interface (UI) as well as the overall integrity of the app. But however hard you work on making your app look and work great, it’s all a waste of time if you don’t think seriously about mobile app security.

The issue of data security is seldom far from the headlines. A data breach can lead to personal data or credit card information being obtained, or can even be used by the attacker to take over the device itself. The results can be devastating for you and your customers.

Ensuring Mobile Data Security

Mobile Data Security is a tricky business. Attacks and attackers are becoming more and more sophisticated, meaning you constantly have to be ahead of the game. Building an app with sound security principles in mind is one thing, but in order to keep your app safe over time, it’s important to keep updating the security on an ongoing basis. Some considerations for mobile app security include:

• Proper encryption of person sensitive data. This includes the encryption of data  stored within a local database, as well as data transferred through an API
• Proper user authentication, including methods such as two-step identification and timed logout. It’s also important to restrict to one set of login credentials per device.
• Implementation of safe communication standards, eg. End to end encryption and ensuring you have a current SSL certificate.
• Server penetration (Pen) testing. Regularly pen testing servers is essential to maintaining the security of the data stored within them. During a pen test, a benign hacker will attempt to break through the security and highlight any issues which can then be rectified.

Other considerations, specific to mobile platforms include:

• Masking the app’s view when switching between apps so the app’s content cannot be viewed during the switch
• Securing clipboards so that data copied from a clipboard in one app is unavailable in another Inter Process Communication (IPC) protection. This ensures system components are able to communicate safely with one another within the app.
• Secure UI, eg. Ensuring passwords are masked during input

Android-specific considerations

Unlike the iOS operating system, which is a closed system, Android is an open system. This has a number of benefits when it comes to entrepreneurship and allowing smaller independent app developers to make their mark, but it does throw up some additional security considerations and makes the Android system a little more vulnerable to security threats. Some of the key considerations when developing for Android include:

• Code obfuscation. This limits reverse engineering and ensures your app cannot be cloned
• Blocking access to overlapping apps, preventing access from ‘scraping’ from apps layered on top of the active app.
• Managing permissions within the app to ensure the app is unable to take control of elements of the device without user permission.

iOS-specific considerations

Although iOS is a closed system, which limits a lot of the security issues present in Android, there are still a couple of things to consider in making an iOS app completely secure.

• Ensuring you use App Transit Security (ATS) for all web connections. This is particularly important if your app relies on the streaming or download of third party content
• Ensure file data protection is enabled to prevent information within the documents from being obtained.

Regular updates

As mentioned before, security is an ongoing consideration. Hackers become more sophisticated and so you have to keep your app ahead of the curve. This means frequently reviewing the app security and providing regular updates to the app to ensure it is protected against the latest threats. In addition, both Apple and Google roll out regular updates to their operating systems. It is important to update your app in line with these to ensure your current app architecture continues to meet the requirements of the operating system in order to maintain its integrity.

Data security is not to be taken lightly but Atomic are here to help take the pain out of it for you. If you would like to discuss your requirements, a member of the Atomic team will be happy to help. We can either offer a full security audit on an existing app, or develop an app from the ground up with solid security principles. Get in touch today to find out what we’re able to offer.