Do's and Don'ts in Mobile App Security

2015 is the year of security as said by many top business leaders including Michael Dell and many more. In fact, Michael Dell says "Security is something we need to take care of every single day."

Over the last two years, we have heard numerous instances of mobile hacks, apps leaking sensitive data, customers losing money and reputation and the business taking a big hit. Here are some statistics:

  • 163% increase in mobile malware in 2012
  • 90% of the Top 100 Android apps have been hacked
  • 85% of the Top 100 iOS apps have been hacked
  • Less than 5% of popular apps have any professional-grade protection against security issues

Here are some quick do's and don'ts that can help you in securing your apps:

Do's

  • Use secure mobile app headless content management systems (CMS) to ensure content is sent securely.
  • If you have user data, secure the server, data, and app
  • While pulling data from the headless CMS use encrypted web addresses
  • Prevent SQL injections by filtering user inputs at the device level
  • Update libraries frequently
  • Use the application sandbox to isolate app data and code execution from other apps

Don'ts

  • Believe that all content passed is trusted
  • Save user data to NSUserDefaults or SharedPreferences. Major blunder - will save all user data as plain text
  • Blindly trust the source of any mobile SDK
  • Collect or keep data you don’t need
  • Ever connect to an unsecure backend
  • Avoid detailed code reviews with every iteration

And if you think all this sounds very difficult or if you think you don't have time to do all this, we'll take care of it. 
Get In Touch

We'll run a free scan for you so that you spend time only on things that matter.

If you want to read more about Android security, you can check out here 

Published on Jan 16, 2015
Subho Halder
Written by Subho Halder
Subho Halder is the CISO and Co-Founder of Appknox. He started his career researching Mobile Security. Currently, he helps businesses to detect and fix security vulnerabilities. He has also detected critical loopholes in companies like Google, Facebook, Apple, and others

Questions?

Chat With Us

Using Other Product?

Switch to Appknox

2 Weeks Free Trial!

Get Started Now