Do's & Dont's in Mobile App Security

2015 is the year of security as said by many top business leaders including Michael Dell and many more. In fact, Michael Dell says “Security is something we need to take care of every single day.”

Over the last two years, we have heard numerous instances of mobile hacks, apps leaking sensitive data, customers losing money and reputation and the business taking a big hit. Here are some statistics:

  • 163% increase in mobile malware in 2012
  • 90% of the Top 100 Android apps have been hacked
  • 85% of the Top 100 iOS apps have been hacked
  • Less than 5% of popular apps have any professional-grade protection against security issues

Here are some quick do’s and don’ts that can help you in securing your apps:

Do’s

  • Use secure mobile app content management systems (CMS) to ensure content is sent securely
  • If you have user data, secure the server, data and app
  • While pulling data from the CMS use encrypted web addresses
  • Prevent SQL injections by filtering user inputs at the device level
  • Update libraries frequently
  • Use the application sandbox to isolate app data and code execution from other apps

Don’ts

  • Believe that all content passed is trusted
  • Save user data to NSUserDefaults or SharedPreferences. Major blunder – will save all user data as plain text
  • Blindly trust the source of any mobile SDK
  • Collect or keep data you don’t need
  • Ever connect to an unsecure backend
  • Avoid detailed code reviews with every iteration

And if you think all this sounds very difficult or if you think you don’t have time to do all this, we’ll take care of it. 
Get In Touch

We’ll run a free scan for you so that you spend time only on things that matter.

If you want to read more about Android security, you can check out this link: https://developer.android.com/training/articles/security-tips.html