Secure Mobile Application Development Reference
Helping Developers Write More Secure Mobile Applications
Writing mobile applications is not an easy feat. Few do it well and even fewer write mobile applications in a secure fashion so that they can protect sensitive data and calculations when published to app stores. In most organizations, the people that worry about the security of applications live in the security department, not the application development group.
Denim Group authored the Secure Mobile Application Development Reference as both a technical resource and to facilitate discussions between the security team and the mobile developers at your organization.
This guide characterizes the many aspects of mobile development that involve security, including:
- The differences between the iOS and Android security architectures.
- How mobile and web development threat models differ.
- The challenge of automated testing on mobile code for both platforms. There is no substitute for having a security architect review the architecture of a mobile application in development.
How this Paper Helps the Application Security Manager
This paper is designed to help the Application Security Manager make substantial progress communicating security needs to the development team.
First, it will help give the manager a better understanding of the security differences of the two major mobile platforms, iOS and Android. The ways both platforms implement security controls is vastly different, and these differences are the first step in better understanding where to chart security improvements.
Second, and perhaps more importantly, the manager can hand this guide to the mobile developer to implement security controls that are important to the organization.
How this Paper Helps the Developer
This reference guide will provide developers with a deeper understanding of the security architecture of the two main mobile development platforms, namely iOS and Android. By understanding the key security differences in both platforms, developers can better implement security controls and have a more productive conversation with security colleagues.