I did a quick pre-CES interview with Alan Weinkrantz discussing what firms should think about when considering the security of mobile applications they are developing.
You can listen here:
Here are a couple of the main points I covered:
· Organizations should be thoughtful when developing requirements and designs for applications because consumers are getting more aware and more sensitive about how their mobile data is treated. Tracking too much might get you in trouble.
· Organizations should be very careful when building applications so that they do not introduce security problems into the application code or into the server-side resources supporting the smartphone applications (For more information on this see some of our resources on smartphone application security at www.smartphonesdumbapps.com)
· Organizations need to be careful of their software supply chains when they are building mobile applications. There were a number of cases in 2010 where 3rd party libraries and/or application code introduced vulnerabilities into mobile applications. This will continue to be a concern going forward and organizations also need to start vetting 3rd party code for malicious behaviors.
I can’t make it to CES this year but it should be a good time. And 2011 is going to be a very interesting year for mobile applications and mobile application security.
dan _at_ denimgroup.com