January 10, 2023

    What Mobile App Developers Want Security Teams to Know in 2023

    In this blog, we explore:

    • While mobile app developers are well aware of growing mobile app security risks, they often don’t have the collaboration with security teams necessary to help prevent them.
    • To truly enable strong collaboration between developer and security teams, you’ll need to:
      • Ensure developers have the right tools
      • Provide trusted security guidance
      • Adopt a DevSecOps approach along with shifting security left

    Mobile app security is a growing concern for organizations now that 62% of businesses either offer an app or are currently building one.

    But with the rise of mobile app adoption comes more threats. In fact, brand abuse attacks such as fraudulent clones and IP theft across Android and iOS apps increased by 274% in 2021.

    While mobile app developers know about these growing security risks, they often don’t have the collaboration with security teams necessary to help prevent them. 38% of security professionals and fewer than half of developers say that developers help plan security strategies. On top of that, one-third of leaders have yet to improve the relationship between developers and security teams within their organization.

    To help improve collaboration efforts across development and security teams, here are three things that mobile app developers think security teams should know in 2023.

    Developers need more developer-friendly tooling

    In our 2021 blog covering the same topic, we mentioned that developers need more developer-friendly tooling. This point remains valid in 2023. There is continuous pressure on development teams to meet tight release deadlines without sacrificing the app’s user experience.

    With so much focus on user experience, security is often an afterthought. To move quickly and avoid putting security on the back burner, security must be a seamless part of the development process. This requires a credible technical solution that integrates with developers’ existing workflows and tools and supports automation. In addition, the solution should help developers layer security practices so they do not rely on code obfuscation techniques alone to stay on top of advancing threat actors.

    Providing developers with a full-spectrum mobile app security solution that seamlessly fits into their existing workflows will enable them to integrate security into the build process without hindering development timelines.

    Developers want more trusted and respected security guidance

    For an app to be built in a way that lets a security team consistently keep it secure, development teams need access to more security knowledge overall.

    Having a trusted resource to inform developers about emerging mobile app security trends and innovations will help them better understand and advocate for the type of support they need from security teams.

    A great resource to improve trust and credibility amongst developers and security teams is OWASP. OWASP is a reliable source of knowledge and has offered more mobile application-specific guidance over the past year. It aims to improve the security of software through:

    • Community-led open-source software projects.
    • Hundreds of chapters worldwide.
    • Tens of thousands of members.
    • Hosting local and global conferences.

    Guidance from OWASP, such as the MASVS framework, will provide actionable recommendations to developers, help reduce the burden of security practices, and close the knowledge gap.

    DevSecOps and shifting left are key in collaboration

    All too often, when mobile apps are developed, security is left behind. But when developers can fix security issues in the context of the work they’re currently doing, they can significantly improve an app’s security posture more easily and at a lower cost, alleviating some of the pressure on security teams.

    By adopting a DevSecOps approach and shifting security left, developers and security teams can work together to foster a mindset of shared responsibility and make mobile app security a priority.

    When shifting left, organizations focus on integrating security throughout the entire development process to build the most secure software development lifecycle (SSDLC) possible.

    To achieve this, development teams should use mobile app security solutions during the development, testing, and deployment stages. This includes mobile application protection (DexGuard and iXGuard), security testing (AppSweep), and threat monitoring (ThreatCast) tools.

    With the help of these solutions, experienced and knowledgeable developers can even be trained as “security champions” who bring the security perspective into every software design decision.

    Set up your development and security teams for success

    Strong collaboration and trust between your dev and security teams are essential to the success of each team. To enable that collaboration, you’ll need to ensure developers have the right tools and adopt a DevSecOps approach along with shifting your security left.

    Ready to start prioritizing mobile app security by focusing on how development teams can better work with security teams toward a common purpose? Check out our whitepaper How Mobile App Protection Fits into a Broader Security Strategy and learn more about fostering stronger collaboration across your organization.
