General discussion

General Security Check list for a Mobile App

By luis.duranpmp
What are the main items to consider in the usage of a Mobile App?

All Comments

Security Checklist

by deborasumopayroll In reply to General Security Check li ...

Mobile App Security Standards/Checklist
There are a few practices that you could follow when creating an application that will help you create more secure applications on the go. Here’s the list that you could follow:
1. Securing the source code:
It doesn’t make sense to make a powerful app, follow every best practice, and then leave the source code open to anyone. It’s like building a high castle and leaving the front gate open. In a mobile application, usually, most of the source code resides on the client side, including the UI and the business logic, which presents a threat if this code were accessible to attackers.
Obfuscation is the process of making your code base unclear and confusing, to prevent attackers from understanding or reverse-engineering it. It changes your class, method, and attribute names into meaningless letters or characters, making the code un-understandable. You can easily obfuscate your code base with Android's built-in ProGuard, and there is much other software that you could use, either for Android or iOS.
2. Securing the files and the database:
It’s not enough to secure the code base; you also need to secure the data. You need to store data on the device for all sorts of reasons, and this data can include critical information such as user credentials or payment info. For that reason, you should always make sure that the data you’re storing on the user’s end is encrypted to prevent its leakage.
3. Securing Communications
Network security in mobile development is not as trivial as it is for web development, and many companies and developers do not opt for network security in their development process. It’s not enough to secure the data on the generation and storage points only.
4. Consider Data Portability
Data portability is the practice of using user data across different platforms and services, like using your Facebook account to sign in to other platforms like StackOverflow or GitHub. This allows you to leverage the security of the bigger companies and use it on your side, instead of implementing all the user authentication and private data handling from scratch. It also makes it easier for the user, as more people find it plausible to use their old accounts than create new ones.
The simple flow of OAuth allows you to access the protected resources, a.k.a. user data, on the other end by just storing the access token, which saves you the hassle of collecting and protecting that data.
5. Brace for Reverse Engineering
This might be more specific to Andr
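
Item 2 of the checklist above asks for on-device data to be encrypted. The following is an added example, not code from the poster: a Java sketch that seals a stored record with AES-256-GCM and rejects it if the file was modified. The class and method names are hypothetical, the sample values are constructed, and the key is generated in memory only for the demonstration (an assumption; in an app it would be held by the platform key store).

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public class LocalRecordCrypto {
    private static final int NONCE_LEN = 12;   // 96-bit nonce, the size GCM is designed around
    private static final int TAG_BITS = 128;   // full-length authentication tag
    private static final SecureRandom RNG = new SecureRandom();

    // Output layout: nonce || ciphertext+tag. A fresh nonce is drawn for every record.
    static byte[] seal(SecretKey key, byte[] plaintext, byte[] context) throws Exception {
        byte[] nonce = new byte[NONCE_LEN];
        RNG.nextBytes(nonce);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, nonce));
        c.updateAAD(context);              // binds the record to its slot, e.g. a field name
        byte[] ct = c.doFinal(plaintext);
        return ByteBuffer.allocate(NONCE_LEN + ct.length).put(nonce).put(ct).array();
    }

    // Throws AEADBadTagException if the stored bytes or the context were altered.
    static byte[] open(SecretKey key, byte[] stored, byte[] context) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, stored, 0, NONCE_LEN));
        c.updateAAD(context);
        return c.doFinal(stored, NONCE_LEN, stored.length - NONCE_LEN);
    }

    public static void main(String[] args) throws Exception {
        // Assumption: demo key held in memory; a real app keeps it in the platform key store.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey();
        byte[] ctx = "payment_token".getBytes(StandardCharsets.UTF_8);      // constructed sample
        byte[] secret = "tok_sample_0000".getBytes(StandardCharsets.UTF_8); // constructed sample
        byte[] stored = seal(key, secret, ctx);
        System.out.println("round trip ok: " + Arrays.equals(secret, open(key, stored, ctx)));
        stored[stored.length - 1] ^= 0x01;   // simulate a modified file on the device
        try {
            open(key, stored, ctx);
            System.out.println("tamper NOT detected");
        } catch (AEADBadTagException e) {
            System.out.println("tamper detected, record rejected");
        }
    }
}
```

Reusing a nonce with the same key breaks GCM, which is why `seal` draws a new one per record and stores it alongside the ciphertext.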

Mobile App Security Standards

by iqlancekrunal In reply to General Security Check li ...

1. Securing the source code:
It doesn’t make sense to make a powerful app, follow every best practice, and then leave the source code open to anyone.
2. Securing the files and the database:
3. Securing Communications
4. Consider Data Portability
5. Brace for Reverse Engineering
6. Perform Input Validation
8. Perform Penetration Testing

Mobile App Security Check List

by tessa1597052660 In reply to General Security Check li ...

Security has consistently been a significant worry for businesses. Furthermore, this concern is even greater when it comes to mobile apps.

1. Making source code more secure - Make your source code secure using muddling. It is a technique where the source code is changed into a form which is quite confusing.
2. Securing the files and the database - Ensure that the information that the client enters in your site is secure, regardless of whether they are about user credentials or payment information.
3. Securing communications - Use VPN, SSL, and “https” to transmit data through a secure medium every time.
4. Allow user permissions - By giving the clients an option to pick their security settings depending on their inclinations, you can provide them with ultimate security standards in your application.
5. Perform penetration testing - It is different from normal testing and is quite effective in making a mobile app secure.
6. Enforce user-level application security policies.
Secure the platform - Understand the platforms and frameworks.

I know that security is a major concern and can't simply be resolved by going through a few steps. If you need some help, contact any mobile app development company which can guide you through the process.
