February 28, 2023

    How to Avoid Mobile App Security Risks

    According to Gartner®, “Mobile applications are subject to new types of attacks and require developers to revisit, learn and reprioritize security best practices.”

    Based on our experience, Guardsquare recommends that for applications that need to offer higher levels of security, software developers should plan for and build apps assuming that they are running in a hostile environment under the control of an attacker.

    In support of your business goals, you have decided to develop an end-user facing mobile app. Whether you are new to mobile application development or have significant experience, the task of planning the security profile for your application should be taken seriously and can be as critical to its success as the user experience it delivers. The Gartner research report, Avoid Mobile Application Security Pitfalls,¹ is a great resource and reference for product and security leaders who are faced with the challenge of developing a security strategy for their mobile app. You can download a copy of the report here.

    The shift to mobile apps continues to increase at a rapid pace. Recent surveys show the amount of time spent per day on mobile apps versus a mobile browser is almost 10:1; this represents a significant 50% growth in the last 2 years. If we look at mobile banking specifically, more than 90% of Millennials and Gen-X use mobile banking apps and more than 70% of all customers choose their financial institution based on the capabilities of the mobile app.

    Of paramount importance in developing a mobile app is the level of security needed for the type of app that is being developed. One of the biggest challenges to ensuring the level of security matches the app type is what we refer to as the mobile app security gap. Simply put, it is the gap between the security requirements of a mobile app and the capability of a development team to meet those requirements if they try to do it on their own. This challenge often does not arise because the technology is beyond the grasp of the team. Rather, most teams are over-committed, under-resourced and cannot dedicate the resources required to stay abreast of the latest security issues, practices and threats. What technical debt is undertaken by relying on an in-house developed solution?

    The Gartner research report provides product managers as well as security and risk management leaders key insights to understand mobile app security best practices and thwart security threats. It highlights some of the main pitfalls plaguing mobile application security, provides a framework for developing your security strategy and recommendations to avoid security failures, including:

    • How to gauge performance-security tradeoffs
    • How to implement security best practices that focus on mobile
    • The need for mobile application security testing
    • The need to go beyond obvious controls and include code hardening, obfuscation, anti-tampering and runtime monitoring

    The report provides a great foundation for developing your mobile application security strategy. Download a copy today.

    Additional resources on Mobile App Security and Protection from Guardsquare can be found at

    https://www.guardsquare.com/what-is-mobile-app-security

    https://www.guardsquare.com/what-is-mobile-application-security-testing

    https://www.guardsquare.com/code-hardening

    https://www.guardsquare.com/what-is-code-obfuscation

    ¹ Avoid Mobile Application Security Pitfalls, by Dionisio Zumerle, Gartner, published January 27, 2022

    Gartner is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
