At NowSecure we spend a lot of time attacking mobile apps: hacking, breaking encryption, finding flaws, penetration testing, and looking for sensitive data stored insecurely. We do it for the right reasons — to help companies make their apps more secure. We’ve collected more than 50 mobile application security best practices to help Android and iOS developers build more secure apps.
In our R&D and project work, we find many security gaps. While some problems are big, others represent data leakage or provide potential vectors that aid attackers. In our engagements, we always provide concrete recommendations for remediating security issues.
Mobile application security best practices: Tips for Android and iOS development
We’ve compiled these remediation recommendations and published them in a free document that you can find here:
We are driven to improve the state of mobile security, and we hope that by setting this information free, we make a valuable contribution to the community.
The descriptions of attacks and security recommendations in this report are not exhaustive or perfect, and are likely to evolve and get corrected as needed. We reserve the right to release updated recommendations.
If you find our 42+ Best Practices for Secure Mobile Development useful, you might want to take a look at our mobile app security testing solutions including our mobile application security assessment and certification service. In addition, we are launching the Santoku Linux project, a free mobile security, malware and forensics platform.