Gartner® Report:
    Avoid Mobile Application Security Pitfalls

    "Mobile applications are increasingly sources of fraud and data breaches for organizations."

    Security and risk management leaders must have a solid understanding of mobile security best practices to avoid data leakage, prevent attacks on the infrastructure, and safely enable the advancement of digital transformation. 

    This Gartner report highlights the main pitfalls plaguing mobile app security and provides recommendations to avoid security failures when developing mobile apps, including: 

    • Provide early input on the performance-security trade-offs when a mobile architecture (native, hybrid or mobile web) is selected, by being involved from the beginning of the process.
    • Implement application security best practices with a focus on the specificities of mobile and its associated back end and possible API. In particular, eliminate hardcoded credentials, minimize app permissions, encrypt sensitive data and use certificate pinning where possible.
    • Perform mobile application security testing and standardize the mobile security components used by employing ISVs, multiexperience development platforms and UEM capabilities in the process.
    • Go beyond obvious controls, such as encryption at rest, for high-security apps by hardening and obfuscating code and preparing against tampering and reverse engineering attempts.

    Gartner, Report: Avoid Mobile Application Security Pitfalls, By Dionisio Zumerle, Published 27 July 2020, Refreshed 27 January 2022

    GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.