Mobile devices allow us to do nearly everything online—from anywhere, at any time. We can do our banking, track our fitness, control Internet of Things devices in our homes, shop, and even work remotely. Driving this mobile productivity are a multitude of mobile apps—software that connect to APIs and servers around the world to deliver data, services, and, ultimately, value and convenience to users.

But this all has to happen under a cloak of well-engineered security or companies risk jeopardizing their apps, their own system, their customers’ information, and their reputations. Because where digital activity thrives, hackers aren’t far behind.

Apps and mobile devices are big targets for malicious activity. Arxan Technology’s 2016 State of App Security reported that 90% of apps surveyed had at least 2/10 of OWASP’s major security risks. Arxan also reported that around 50% of organizations haven’t allocated any spending toward mobile app security—a pretty big discrepancy when you consider the risks of not securing a mobile app.

Hackers with malicious intent can:

Mobile apps and the APIs that power them have the potential to make systems and data vulnerable if they aren’t properly secured. Customers expect apps to be secure, and it can be easy to take that trust for granted. For apps that deal in large amounts of data or have strict compliance requirements, like finance or healthcare, this is especially true.

What can you do to secure your mobile app?

If you’re creating an app or have an app in market, chances are you’ve stopped to consider how to secure your app, your data, and your customer’s data.

A mobile app has a good bit of plumbing to make it work: there’s the software code itself, the business logic on the back end network and the client side, databases, APIs funneling data between the two, the device and its operating system, and the user. Each plays an important role in the fabric of the app’s security. For companies with mobile apps in a crowded, competitive market, having robust security could be a big differentiator. Here’s a look at a few tips for you to consider with mobile app security, and which experts can help you protect your mobile assets from every angle.

1. Secure your app’s code from the ground up.

Similar to any software project, mobile software security needs to be a priority from day one. However, native apps are different from web applications, where data and software exist securely on a server and the client-side (or, browser) is just an interface. With native apps however, that code resides on the device once it’s downloaded, making it more accessible to those with malicious intent.

Many vulnerabilities can exist in an app’s source code, but that’s not where businesses focus their security spending. Network and data security components are important parts of the overall security picture, but security has to start with the app itself. Vulnerabilities can be caused by developer error, failure to test the code, or your app may just be targeted specifically by a hacker.

Tips:

2. Secure your network connections on the back end.

Servers and cloud servers that an app’s APIs are accessing (your own, or third-party) should have security measures in place to protect data and prevent unauthorized access. APIs and those accessing them should be verified to prevent eavesdropping on sensitive information passing from the client back to the app’s server and database.

Tips:

3. Put identification, authentication, and authorization measures in place.

As with APIs, authentication and authorization technology help users prove to an app who they are, adding another layer of security to the login process.

Tips:

4. Be mindful of how customer data is secured and implement a good mobile encryption policy.

As mentioned above, more of a mobile app’s code and data has to be stored on a device than with a traditional web app because you’re accounting for the varying performance, bandwidth, and quality of devices. The more data that’s stored locally on a device (whether that’s permanently, or just temporarily), the more vulnerable it is.

“Leaky” apps can release customer data without users knowing it—mobile data points that are entered or collected in the background like age, location, device usage habits.

Tips:

5. Have a solid API security strategy in place.

Because mobile development hinges so squarely on APIs, a large portion of securing mobile apps is securing their APIs. APIs flow data between applications, the cloud, and a multitude of different users, all of whom need to be verified and authorized to access that data. APIs are the main conduits for content, functionality, and data, so ensuring proper API security is an important part of the chain.

Tip:

Read more in this article, Tips for Building a Safe and Secure API.

6. Test your app software—then test again.

Testing app code is usually crucial in an app’s development process. Apps are being produced so rapidly, what should be an important step in the process often falls to the wayside to speed up time to market.

When testing for functionality and usability, experts advise to also test for security, whether your app is a native, hybrid, or web app. You’ll be able to detect vulnerabilities in the code so you can correct them before publishing your app out.

Tips:

7. Users: Protect your devices.

App makers can’t do a lot to ensure users have secure devices when they’re downloading apps, but here are a few pointers for users who want to avoid security issues, or identity theft or fraud if a device is lost or stolen.

Tips:

8. If you’re an enterprise organization with a BYOD (bring your own device) policy, use extra caution.

For companies that allow employees to use their own devices, this can also open up the network to hacking vulnerabilities and make it harder for the IT department to regulate access to data on their backend systems. Mobile device management (MDM) products are often a worthy investment, like Airwatch and MobileIron. These can give employees the convenience of working on the go, but also give companies peace of mind when it comes to security.

Tips:

Mobile is increasingly where users are, and increasingly where hackers are lurking to try and steal sensitive information and compromise app security. With a solid mobile security strategy and a top-notch mobile developer on hand to help you respond quickly to threats and bugs, your app will be a safer, more secure place for users—and ensure their loyalty (and your assets) for the future.

Related