Mobile device usage has been growing rapidly, with smartphone users already reaching 3 billion worldwide and expected to exceed 3.8 billion by 2021. As mobile continues to become the primary platform consumers use in their everyday lives, the mobile app industry will experience a number of significant changes.
In this post, we’ve put together the top four security-related trends that will impact the mobile app industry in the coming years, from endpoint security and mobile OS adoption to widespread mobile banking and mobile identification.
In the near future, we believe hardware-based cryptography will be more readily available, creating a new era of endpoint security for all mobile apps. Moore’s Law—the consistent improvement in hardware capabilities while costs continue to decrease—means that it’s inevitable that efficient hardware-based cryptography elements will reach all mobile devices eventually.
In fact, the Apple ecosystem already has some hardware-based cryptography elements like Secure Enclave. This is a security coprocessor that’s built into every Apple device to secure sensitive data, so app developers can store encrypted keys and other information. Apple also has complete control over the hardware within its ecosystem, which has enabled the company to more easily roll out new security features and get them adopted by mobile app developers.
Google, on the other hand, has been playing catch-up with its Android ecosystem. It has been more challenging for Android to introduce hardware-based cryptography because the platform runs on a broad range of devices and hardware built by numerous manufacturers. That’s why hardware security approaches like ARM’s TrustZone have failed to get widespread adoption by app developers.
Once it becomes cheap for all devices to include hardware-based cryptography features, and the operating systems give app developers convenient APIs to use them, the endpoint security gap will close. This new level of security, therefore, will greatly improve consumer trust for all mobile users, whether they have Apple or Android devices.
The Internet of Things (IoT), a network of interconnected sensors, cameras, or other devices, is highly sensitive to bill of materials (BOM) costs and energy consumption. That’s why most IoT devices use an embedded real-time operating system (RTOS), which is often a stripped-down version of Linux built by the manufacturer, to maximize its efficiency.
There will come a point, however, when IoT hardware has more processing power at a much lower cost, and a proprietary RTOS will no longer be necessary. That means security and interoperability may take precedence, and manufacturers could run Android, or even iOS, on their IoT devices. Mobile OSes can offer improved IoT software security, while also integrating better with consumers’ other mobile-centric experiences.
IoT mobile OS adoption is already largely underway, with Google releasing a stripped-down version of its operating system called Android Things and Apple launching its IoT ecosystem HomeKit. These solutions are driving mobile and IoT developers to build software that leverages and supports all Internet-enabled devices for a more cohesive consumer experience.
The IoT industry is also recognizing that it can benefit from running trustworthy mainstream operating systems that have already had massive investments in security and been tested across hundreds of millions of devices. When there is huge mobile OS adoption, IoT security can improve even further with code hardening and runtime application self-protection (RASP).
As it stands today, mobile payments in the U.S. are expected to exceed $130 billion in 2020, up from only $12.8 billion spent in 2012. With hardware-based cryptography, the impact of the global pandemic, growth of online shopping, and other factors, mobile banking could become a central part of the new normal.
Widespread consumer adoption of mobile payments and banking in the U.S., much like in China and India, could create enormous growth in the use of mobile apps for online shopping. The problem is that many of today’s eCommerce and online retail apps aren’t secure. In fact, Guardsquare found that 23% of the top 51 Android mobile retail apps lacked any code hardening or RASP mechanisms at all and 63% had just one of these protections. Companies that don’t take mobile application security seriously are at risk of losing consumer trust.
With mobile apps handling personal financial information, increased security protections such as application hardening will become a necessity. Application hardening includes code hardening (encrypting sensitive data and obfuscating the source code) and anti-tampering mechanisms during runtime. These security techniques can build further trust and adoption for mobile banking apps in the near future.
Today’s smartphone users unlock their devices using a mixture of passwords, PINs, and biometrics, but these identification features may protect much more soon. In fact, 89% of security leaders think that mobile devices will serve as your digital ID to access enterprise services and data in the near future. This is already evident with Apple’s Keychain and Google’s Smart Lock, which store passwords and allow users to access their accounts using Touch ID or Face ID for authentication.
While digital identification is more relevant to private enterprises, some governments are shifting from paper IDs to completely electronic, centralized ID schemes as well. There’s a good chance that this trend will continue into the future, as the pandemic increases the need for touchless or remote government services and hardware-based cryptography becomes more widespread.
Adoption of mobile IDs could also accelerate the adoption of mobile payments, both of which will lead to enormous growth in the mobile app industry. That’s why mobile app developers should put a priority on security now to meet the standards of governments and enterprises that will rely on mobile IDs in the future.
With all of these massive changes on the horizon, mobile app security will become even more critical. That means companies building mobile apps should consider mobile application security solutions like those offered by Guardsquare. Using Guardsquare’s DexGuard and iXGuard solutions, combined with real-time threat monitoring, companies can protect their Android and iOS apps from tampering or reverse engineering attempts and build consumer trust.