General Security Check list for a Mobile App

By luis.duranpmp
What are the main items to consider in the usage of a Mobile App?

Security Checklist

by deborasumopayroll In reply to General Security Check li ...

Mobile App Security Standards/Checklist
There are a few practices that you could follow when creating an application that will help you create more secure applications on the go. Here’s the list that you could follow:
1. Securing the source code:
It doesn’t make sense to make a powerful app, follow every best practice, and then leave the source code open to anyone. It’s like building a high castle and leaving the front gate open. In a mobile application, usually, most of the source code resides on the client side, including the UI and the business logic, which presents a threat if this code is accessible to attackers.
Obfuscation is the process of making your code base unclear and confusing, to prevent attackers from understanding or reverse-engineering it. It changes your class, method and attribute names into meaningless letters or characters, making the code unreadable. You can easily obfuscate your code base with Android's built-in ProGuard, and there is much other software that you could use, either for Android or iOS.
2. Securing the files and the database:
It’s not enough to secure the code base; you also need to secure the data. You need to store data on the device for all sorts of reasons, and this data can include critical information such as user credentials or payment info. For that reason you should always make sure that the data you’re storing on the user’s end is encrypted to prevent its leakage.
3. Securing Communications
Network security in mobile development is not as trivial as it is for web development, and many companies and developers do not opt for network security in their development process. It’s not enough to secure the data at the generation and storage points only.
4. Consider Data Portability
Data portability is the practice of using user data across different platforms and services, like using your Facebook account to sign in to other platforms such as StackOverflow or GitHub. This allows you to leverage the security of the bigger companies and use it on your side, instead of implementing all of the user's authentication and private data handling from scratch; it also makes it easier for the user, as more people find it plausible to use their old accounts than to create new ones.
The simple flow of OAuth allows you to access the protected resources, a.k.a. user data, on the other end by just storing the access token, which saves you the hassle of collecting and protecting that data.
5. Brace for Reverse Engineering
This might be more specific to Andr

Mobile App Security Standards

by iqlancekrunal In reply to General Security Check li ...

1. Securing the source code:
It doesn’t make sense to make a powerful app, follow every best practice, and then leave the source code open to anyone.
2. Securing the files and the database:
3. Securing Communications
4. Consider Data Portability
5. Brace for Reverse Engineering
6. Perform Input Validation
8. Perform Penetration Testing

Mobile App Security Check List

by tessa1597052660 In reply to General Security Check li ...

Security has consistently been a significant worry for businesses. Furthermore, this concern is even greater when it comes to mobile apps.

1. Making source code more secure - Make your source code secure using muddling. It is a technique where the source code is changed into a form which is quite confusing.
2. Securing the files and the database - Ensure that the information that the client enters on your site is secure, regardless of whether it is about user credentials or payment information.
3. Securing communications - Use VPN, SSL, and “https” to transmit data through a secure medium every time.
4. Allow user permissions - By giving the clients an option to pick their security settings depending on their inclinations, you can provide them with ultimate security standards in your application.
5. Perform penetration testing - It is different from normal testing and is quite effective in making a mobile app secure.
6. Enforce user-level application security policies.
Secure the platform - Understand the platforms and frameworks.

I know that security is a major concern and can't simply be resolved by going through a few steps. If you need some help, contact any mobile app development company which can guide you through the process.

Mobile App Development Privacy and Security Checklist

by harshit2 In reply to General Security Check li ...

Here are some of the best practices that you should follow to create more secure apps.

1. Evaluate all open-source code: Open-source and third-party libraries are changing the app world, helping to speed up development and deployment. Enterprise apps can contain as much as 90% open-source code. Unfortunately, third-party code has often been the reason behind vulnerabilities, allowing attackers to remotely exploit a system. Open-source apps can be reverse-engineered, so leaving the source code open could put your app at risk.

2. Secure the source code: In mobile app development, most of the source usually resides with the client. Consider obfuscating the code to keep it safe from hackers.

3. Utilize strong data encryption: No matter how much you work on securing the code, you need to be equally vigilant about the data. All app data needs to be encrypted. Eliminate any plain-text resources so that it’s impossible to gather insights about the application.

4. Secure the database: The database on the user’s end must be encrypted to prevent data breaches. App developers understand the importance of protecting sensitive data.

5. Isolate app data: Apps access information from mobile devices regularly. However, they must remain independent of the user’s data at all times.

6. Ensure safe communications: You need to go beyond the security of data at its generation and storage points. The app’s code should be able to acknowledge valid security certifications and block those requests which are invalid. By validating the authenticity of security certificates, developers can help to eliminate illegal access by attackers.

7. Allow access only to secure connections: While HTTPS protocol in connections is crucial, it’s also essential to limit inbound ports. Therefore, in order to prevent attacks, mobile apps should only grant access to specific servers and services.

9. Secure data locally: The app should stop the transfer of data outside the app.

10. Data can be easily manipulated. App developers need to add ways to validate and authenticate that data without compromising the ease of use and compatibility of the app. Authentication ensures that the user enters the correct information before the app can be launched or any data is accessed. A multi-factor or multistep authentication system adds another layer of app security to ensure data safety.
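The "Securing Communications" point in the first reply and items 6 and 7 above both come down to one control: the app should speak only TLS, and only to servers whose certificates it can verify. As an added illustration that is not part of any post in this thread, here is an Android network security configuration (res/xml/network_security_config.xml, referenced from the manifest's application element via android:networkSecurityConfig) showing the weak settings beside the hardened ones; the domain api.example.com and the pin values are placeholders, not real data.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- WEAK: every host may be reached over plain HTTP, and certificates
     installed by the user (or by anyone who can add a CA to the device)
     are trusted, so an interposed proxy is accepted silently. -->
<!--
<network-security-config>
    <base-config cleartextTrafficPermitted="true">
        <trust-anchors>
            <certificates src="system" />
            <certificates src="user" />
        </trust-anchors>
    </base-config>
</network-security-config>
-->

<!-- HARDENED: cleartext is refused app-wide, only the system CA store is
     trusted, and the API host is additionally pinned to known public keys. -->
<network-security-config>
    <base-config cleartextTrafficPermitted="false">
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>

    <!-- Restrict the backend host to specific keys; includeSubdomains covers
         hosts such as cdn.api.example.com as well. -->
    <domain-config>
        <domain includeSubdomains="true">api.example.com</domain>
        <!-- Pins are base64 SHA-256 digests of the server's SPKI. Always ship
             at least one backup pin so a key rotation cannot lock users out,
             and set an expiration so a forgotten pin set fails open to normal
             CA validation instead of bricking the app. PLACEHOLDER values. -->
        <pin-set expiration="2026-12-31">
            <pin digest="SHA-256">PLACEHOLDER_PRIMARY_SPKI_SHA256_BASE64=</pin>
            <pin digest="SHA-256">PLACEHOLDER_BACKUP_SPKI_SHA256_BASE64=</pin>
        </pin-set>
    </domain-config>

    <!-- Debug builds may trust a local test CA without weakening release. -->
    <debug-overrides>
        <trust-anchors>
            <certificates src="@raw/debug_ca" />
        </trust-anchors>
    </debug-overrides>
</network-security-config>
```

With this file in place, a request to an http:// URL or to a host presenting an unpinned certificate fails in the networking stack before any data leaves the app, which is the "block those requests which are invalid" behaviour item 6 asks for.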