Mobile Apps Must be their own Fortress to Withstand Attacks from Hackers

A #mobile app must be its own fortress and never assume platforms are encrypted, authenticated, use VPN or require a PIN for #security.

I guess developers can’t count on anything these days. How you deal with security is what separates consumer app developers from enterprise app developers. The best apps assume an insecure, unencrypted and completely compromised mobile platform. In a world of bring your own app (BYOA), this will differentiate consumer app developers from trusted enterprise app developers. Imagine the scenario where a logged-in device is left behind in a taxi and is stolen before device security kicks-in to log the device out. A window of time ranging from five to fifteen minutes of exposure is realistic.

So how does a mobile app take charge of its own security? On launch, it must prompt for enterprise credentials like a password, PIN, face or fingerprint before allowing a user inside the app. Eliminate the use of cached credentials and tokens or keep expiration times to a minimum. Next, the app must provide its own encryption for data at rest. This is accomplished through the use of a mobile platform’s crypto APIs. Oftentimes you can reuse login credentials as a password and salt value. Use this to encrypt all downloaded and user-entered data before saving to local storage. The app must use TLS or per-app VPN tunnels for all remote communication to secure data in transit. Lastly, trustworthy apps should never take dependencies on platform capabilities they don’t actually require.

Reduce risk to your business by insisting every enterprise app you build or buy provides its own comprehensive security capabilities. Is your company making app security a top priority?

Learn how to digitally transform your company in my newest book, “Mobile Strategies for Business: 50 Actionable Insights to Digitally Transform your Business.”

Book Cover

Click here to purchase a copy of my book today and start transforming your business!

Discover more from Rob Tiffany

Subscribe to get the latest posts sent to your email.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Discover more from Rob Tiffany

Subscribe now to keep reading and get access to the full archive.

Continue reading