As more organizations explore ways to push functionality to mobile devices, there is a desire to move an increasing amount of sensitive data onto the device. In addition, there is a push to have more sensitive calculations performed on devices.
With the dramatic increase in the number of devices, their technical capabilities, and their use for information-rich transactions attached to back-end enterprise applications, mobile platforms have become an increasingly attractive security target. Adding to the importance of mobile application security is the fact that the networks used to access many mobile services are often unsecured and unencrypted, creating potential confidentiality breaches from traffic monitoring.
What Makes Mobile Application Security Challenging?
- There are many mobile operating systems, with very little standardization between them.
- Mobile applications have very different threat models than their web-based counterparts. Android, iPhone, and BlackBerry smartphones and tablets provide a variety of functions built into the hardware that make them dramatically different from desktop or laptop computers, presenting a unique set of security ramifications that must be dealt with at the application level.
- Automated scanning tools are severely limited in detecting critical vulnerabilities on mobile devices, making threat modeling an even more critical activity.
It is vital for mobile developers to understand how to design and build applications that securely leverage a platform’s capabilities without exposing the organization or the application’s users to risk. Developers of mobile applications need to understand:
- The capabilities of their chosen development platform(s)
- The threat model for the system they are building
- That the mobile application itself is only part of the system that attackers will attempt to compromise
- How to design and build applications to securely take advantage of mobile capabilities without exposing their organizations or application users to unnecessary risks
Looking for guidance on secure mobile application development?
Learn more about Denim Group’s mobile offerings or download Denim Group’s Mobile Application Development Reference. Contact Denim Group for more information about building secure mobile applications and testing the security of mobile applications.