Mobile adoption is strategic in every industry today. Although it can be a great catalyst for growth, the security risks that come with it cannot be overlooked. Even though this fact is established, many companies are still not following some of the mobile application security best practices. To help businesses and consumers win the mobile application security battle, we have curated a list of the top mobile security resources.

But before we dive deep into the importance of mobile application security and list of the top mobile security resources, let’s have a look at some interesting stats related to the mobile ecosystem.

How Mobile Has Become a Critical Part of Our Everyday Life

 

– Let’s begin with an essential question – how many mobile apps does the average smartphone owner in the United States use per month? Would you believe that it’s over 35? Furthermore, on average the top 20% use over 45 apps per month. If those numbers surprise you, it’s because apps have become so seamlessly integrated into our lives that we often don’t realize just how frequently we turn to them each day.

– Total time spent in apps worldwide in 2016 reached 1.6 trillion hours, an increase of more than 50% year over year. Across mature markets, users on average are spending two hours per day — which equates to one month out of every year — in apps.

– As impressive as the current level of usage is, the app economy is nowhere near its peak. We forecast that time spent in apps will more than double to 3.5 trillion hours in 2021. (Source – App Annie)

– According to the comScore report, the number of mobile users surpassed desktop users in 2014.

– Gartner’s prediction narrates that over 268 billion mobile downloads will generate an income of $77 billion in 2017.

– The estimated global mobile app revenue was $35 billion in 2014, $45 billion in 2015, $58 billion in 2016, and a predicted $77 billion in 2017, as stated above.

– The statistics indicate that people who fall in the age group of 18 to 24 years of age use more mobile apps than any other group. They are followed closely by 25 to 34 years, 35 to 44 years, 45 to 54 years, and then over 55 years, respectively.

– Mobile Commerce is predicted to account for 45% of all online purchases by 2020.

– Facebook research says, 73% of people have mobile devices. On the other hand, GoogleAnalytics 2014 concluded that average mobile sessions are 1 minute 10 seconds or 177 minutes per day.

 

The increasing number of smartphone users in the global market has led to a tremendous increase in the number of apps that consumers use on their phones. The Apple App store boasts close to 2 million of these apps while Google play has over 2.2 million Apps. This number is expected to increase in the future.

Looking at the above stats, one can get to know that how mobile has become a critical part of our everyday life.

Now coming back to the importance of mobile security, in a recent report, Gartner mentioned that over 75% of the mobile applications will fail basic security tests.

In fact, when our security researchers at Appknox performed a research on over 100,000 apps, we found this number to be much higher, over 90%! That’s alarming in different ways.

First, it is alarming because there’s a high probability that your business app will also fail in security. Secondly, this is also alarming because so many such apps sit on the mobile devices of your employees who bring it in every day. Imagine the amount of sensitive data that is at stake here.

A study by IBM highlights the sorry state of affairs today – 33% of organizations never test the mobile applications they develop and 40% of enterprises – including Fortune 500 companies – do not protect the customers for whom they are developing apps.

Recent Mobile App Data Breaches

– The New York Post suffered a security breach early this year when its push notification system was compromised. Unknown attackers used the system to send out messages to users of the New York Post mobile app.

– A serious data breach at Quest Diagnostics that led to hackers accessing 34,000 people’s health records was the fault of an unsecured mobile app, the company said in a statement. The company’s MyQuest app, which is available for Apple and Android devices as well as the web, was the source of the breach.

– Wishbone, a mobile app that is especially popular with teenage girls, suffered a data breach in August 2016 that compromised 9.4 million records, 2.2 million of which were registered with unique email addresses.

– A software flaw in the Moonpig’s Android app let a researcher access the records of any Moonpig account holder he tried, in theory compromising a total of three million people. As serious, the researcher reported the issue to the firm 18 months before going public in early 2015 after receiving an inadequate response. Significant partly because it involved a mobile app rather than the more common website breach.

– Some more infamous mobile app security breaches that took the security ecosystem by the storm were – Starbucks Hack, Ola App Bug and FoodPanda Hack.

 

Why is Mobile Application Security a Big Deal?

To understand why this is a big deal, we need to take a more holistic view. Let’s scale this up. There are many reports out there that have proven that more than 90% of mobile applications are vulnerable and there’s a median of around 6.5 vulnerabilities per app.

At the same time, over 4,000 apps are being added to the popular apps stores every single day. On average, a smartphone user downloads 36 apps. Put this all together and it will present a scary picture for any business.

 

So, Why are Businesses Not Taking Mobile App Security Seriously?

There are several factors to blame for the lack of importance given to mobile application security. But if I have to be straightforward about this, then the fact is organizations put a lot of focus on things like features, performance, etc. rather than on security issues.

Often developers count on the platform they are building on or focus on things like speed and usability. In some cases, companies do not have a consistent and clearly defined security and QA testing as part of the SDLC. And in some other cases, developers are simply not aware of the mobile application security best practices.

In our efforts to keep businesses and consumers aware and proactive towards the mobile application ecosystem, we have curated a list of our top mobile security resources that includes mobile security best practices, industry reports, top mobile security vendors lists, Android and iOS application development checklists and the latest trends in the mobile application security world.

Ultimate Collection of Mobile Security Resources

 

1) Top 5 Security Issues in Mobile App Development

Most recently, a lot of established companies like Yahoo, Snapchat, Starbucks, Target, Home Depot, etc. have been through a PR disaster. Do you know why? Simply because some attacker out there found a flaw and could exploit it.

While there are numerous things to look for under security, we’ve put together a bunch of areas that you can address when building apps. Here’s a list of the top 5 security issues in mobile app development.

 

2) Three Basic Mobile Security Principles Every App Developer Should Know

One of the most important aspects of mobile application development i.e. securing an application usually takes a setback due to lack of understanding of basic building blocks of mobile security.

At the heart of Information Security lies the 3 basic principles that all mobile security enthusiasts & application developers should be aware of & implement them in their day to day activities. Here’s more on the above-mentioned principles.

 

3) 10 Measures To Meet OWASP Security Guidelines for Your Mobile App

Here’s a list of the top 10 mobile security risks as defined by the OWASP Top 10 Project for Mobile. Understanding these risks and the OWASP security guidelines can help you prepare your app and protect yourself, your data and your users. The complete list can be found here.

 

4) Security Report of Top 100 Mobile Banking Apps- APAC

We recently conducted a research which revealed that more than 85% of mobile apps fail basic security testing. We chose APAC to be our region of study, picking from 106 banking apps that work and operate in this region and analyzed their Android applications across 14 threat scenarios. Here are the key findings from the report.

 

5) Securing Mobile Banking Apps – 3 Things CIOs Must Take Care Of

Banks have always been the favorites for hackers. Securing mobile banking apps has been one of the biggest challenges for CIOs across all banks in the world.

Since mobile is a relatively new and unexplored landscape as far as security is concerned, it is important for businesses to take extra measures to ensure better security. A comprehensive security approach is the need of the hour which should comprise of the following scenarios as mentioned in this article.

 

6) A Global Analysis Of Mobile Security In E-commerce Apps

We put 500 of the top global E-commerce mobile applications through a rigorous automated testing process using our in-house mobile app security solution. As a part of this security testing process, each application went through 14 different test cases.

We found out that 95% of these apps fail basic security testing. Here are the key findings from the E-commerce report.

 

7) Top 5 Cyber Threats Ecommerce Companies Should Watch Out For

With the proliferation of mobile apps in the Ecommerce ecosystem, cyber threats have also increased, primarily because of the vulnerabilities found in these apps due to the inadequate technical controls and also due to the poor security practices of the mobile app owners.

Here is a list of the top 5 cyber threats that Ecommerce retailers should watch out for.

 

8) Ultimate Android Security Checklist While Launching Your Android App

As you build your app and work on your mobile strategy, it is essential to test your application across various parameters – Performance, Usability, Functionality, Compatibility, Load, Security, etc. Since time to market is essential, most businesses often neglect the security testing part.

Since time to market is essential, most businesses often neglect the security testing part. Keeping this in mind here’s have an ultimate security checklist of different test cases to take care of before you launch your Android app, and even if you already have, it might be good to revisit.

 

9) Ultimate iOS Security Checklist While Launching Your iOS App

Ensuring the safety of the information of your customers and your business is very crucial. Here is a list of important iOS security checks that should necessarily be done while building and launching your mobile applications. It is important to note that this is not an exhaustive list and threat vectors might still exist. The intention is to make it really difficult for hackers to try and break into your app.

 

10) Gartner’s List of Top Mobile App Security Testing Vendors

Gartner recently conducted an in-depth study of the mobile application testing environment and has identified many mobile app security testing vendors that have built innovative solutions to combat the challenges of the mobile application ecosystem.

Here’s the list of Key Findings from this Gartner’s study about mobile app security testing.

We hope that businesses and consumers are able to stay ahead of the mobile security curve with the help of the above mentioned mobile security resources.

To further help businesses understand the importance of security and to showcase real-world examples of how your mobile application can be breached, we are running a special initiative called Secure Our Soul. This is a free 20-minute exclusive session with our security researchers who will demonstrate how the security loopholes in your application can be exploited.