Data breaches happen because of insecure code. Even a talented mobile app developer makes mistakes and writes bad code. But let me be clear: there is no relation between building a secure app and the talent of an app developer. What matters is how a mobile app developer is trained and how much experience he or she has in addressing the security concerns of an app development project. Unless developers follow the best mobile application development practices, it is hard to ensure an app's security.
Reports from various sources show that security is still a serious issue in the mobile application development industry. Here are some mobile security reports from various forums:
Cruxialcio.com – “Expert: Android Security Flaw ‘A Major Concern’”
Antone Gonsalves of Cruxialcio.com reports in his article that a newly discovered security flaw is believed to affect almost 90 percent of Android-powered devices. It is not a widespread problem, but it is still a fairly serious matter. The article further refers to a recent IBM report that says a security hole in the Android KeyStore service has affected all devices running the Android 4.3 Jelly Bean version or below.
Many people think only Android is prone to risks, but Apple iOS-powered devices have security flaws too.
Mobilecommercepress.com – “New Report Finds iOS Mobile Devices are Just as Susceptible to Attacks as Android Gadgets”
Lucy Sanovy of Mobilecommercepress.com refers to a report from Marble which reveals that the chances of being attacked on iOS and Android devices are equal. The report contradicts several previously conducted reports that indicated iOS offers the safest operating system environment. Marble’s report has shaken Apple users’ belief that they have the most secure mobile devices.
This doesn’t mean that these security flaws cannot be removed. OS developers are aware of these issues and keep working on fixing them with each new OS update. Nor does it mean that OS developers like Google and Apple are the only parties responsible for mobile security breaches. In fact, the mobile app developer is more responsible: most of the security risks are caused by apps.
Cenzic.com – “Cenzic Application Vulnerability Report 2014”
The report says that 96% of both web and mobile apps had at least one serious defect. The figure was estimated at 99% the year before. The report also revealed that cross-site scripting is the top cause of vulnerabilities. And apart from pure mobile apps, risks were discovered in mobile web applications too.
Veracode.com – “State of Software Security Report”
A 2013 Veracode State of Software Security report revealed that 70% of the apps in its analysis failed to meet the security policies of enterprise mobile solutions.
So there are tens of reports saying that mobile applications aren’t protected against security breaches. And regardless of whether an app is developed by a single developer or a professional mobile application development company, all of them have security issues. There may be several causes, such as the business culture of the developers, the demand to implement special features, lack of experience in implementing security measures, bad coding practices, etc.
Here are the top five areas where a mobile app developer pays little or no attention and so tends to build insecure apps. If these can be avoided, developers would be able to assure the safety of each of their apps.
Not treating security as a priority
A 2012 comScore study revealed that half of all US mobile developers do not treat security as a priority. While working on a mobile application development project, they take the attitude of dealing with security issues when they discover them. In other words, they give little weight to treating the security of a mobile app as part of its development process.
Reusing the same code over and over
Many developers continue to write code in C/C++ because they can reuse and extend it. It’s true that an app developed in C/C++ delivers better performance, but many security holes are left open when the same code is adopted in different apps. One hard-to-eradicate issue is susceptibility to lower-level memory flaws.
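The reuse problem described above, as an added example that is not part of the original article: a hypothetical helper, label_copy_legacy, whose missing bounds check was harmless in its first app, beside a hardened label_copy. All names and the 16-byte size are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define LABEL_MAX 16 /* constructed: buffer size picked by the first app */

/* Legacy helper (hypothetical). The first app only passed short built-in
 * labels, so the missing bound never showed. Reused where src is
 * user-controlled, strcpy writes past dst once strlen(src) >= LABEL_MAX. */
void label_copy_legacy(char dst[LABEL_MAX], const char *src)
{
    strcpy(dst, src);
}

/* Hardened replacement: the size contract is an explicit parameter and is
 * enforced here, not assumed of every caller.
 * Returns 0 on success, -1 if the input is rejected (dst left empty). */
int label_copy(char *dst, size_t dst_size, const char *src)
{
    size_t n = 0;

    if (dst == NULL || dst_size == 0)
        return -1;
    dst[0] = '\0';
    if (src == NULL)
        return -1;

    /* Bounded scan: never reads more than dst_size bytes of src. */
    while (n < dst_size && src[n] != '\0')
        n++;
    if (n == dst_size)          /* no room left for the terminator */
        return -1;

    memcpy(dst, src, n + 1);    /* n characters plus '\0' */
    return 0;
}

int main(void)
{
    char buf[LABEL_MAX];
    const char *inputs[] = { "home", "a-label-longer-than-the-buffer" };

    for (size_t i = 0; i < 2; i++) {
        int rc = label_copy(buf, sizeof buf, inputs[i]);
        printf("%-32s -> rc=%d buf=\"%s\"\n", inputs[i], rc, buf);
    }
    return 0;
}
```

Carrying the hardened helper into the next app also carries its check, because the buffer size travels with every call.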
Inadequate Security Requirements
For banking and healthcare apps, there is no set regulation that requires developers to integrate security beyond superficial compliance with a generic list. As a result, app developers do not perform proper security checks and leave the app vulnerable.
Relying completely on vulnerability scanners
Many mobile app development companies rely heavily on vulnerability scanners. But these scanners cannot be fully relied upon. They can miss a lot of risks, and code cannot be checked with them until the build process ends.
Apps coded by less experienced developers
Of course it’s the last point, but consider it the major one that causes security issues. Knowing how to code an app and knowing how to secure it are two different things. Developers think they understand security; however, they forget that good programming experience doesn’t ensure that a developer is able to prevent security defects too.