Every year the NowSecure team makes predictions about developments in mobile application security that we expect to occur in the coming year. The importance of mobile appsec and privacy testing has grown this year and several of our 2019 predictions were right on the mark.
What will 2020 hold? Our leaders and researchers predict we’ll see an intensified focus on privacy, mobile DevSecOps gaining traction and ample activity around wearables and Internet of Things (IoT).
Given Google’s recent $2.1 billion acquisition of Fitbit, there’s no denying the popularity of wearable devices. Declining prices have made the technology more accessible to consumers and you can expect to see an onslaught of Android wearables in the coming years. All told, worldwide spending on wearable technology will reach $52 billion in spending in 2020, according to Gartner.
In the meantime, Internet of Things (IoT) is poised to cross the chasm into mainstream enterprise use. Roughly 25% of organizationes use IoT technology today, according to McKinsey & Company, which forecasts surging uptake by 2023.
The downside of growth in connected wearable and IoT devices means they will present a more attractive target for attackers. You can expect breaches and vulnerabilities to get much worse before they get better because of a lack of focus on security and privacy for these mobile apps.
In positive developments, the California Consumer Privacy Act (CCPA) takes effect on Jan. 1 and will increasingly shift conversations about mobile app privacy to the forefront. According to the legislation, for-profit organizationes that collect data about California residents must protect the personal information from unauthorized access, use or disclosure or face fines.
Here are some of the mobile application security trends and challenges that NowSecure experts anticipate we’ll see in 2020.
Peering into the Crystal Ball
“With the smartwatch segment showing strong growth throughout 2019 and Apple Watch still leading the industry, I’m expecting to see more iOS apps introduce Watch integrations in 2020. The question is whether security best practices in iOS development will carry over into watchOS apps — I predict that this will not be the case! It will be key for the AppSec community to surface and articulate the risks on smartwatch platforms as this trend continues.” — Dawn Isabel, Research Engineer
“IoT testing (smart home devices, home assistants, webcams, cars etc.) will gain a lot more traction. Automated mobile security companies will have to shift focus to other communication protocols such as Bluetooth, Zigbee and NFC.” — Rono Dasgupta, Research Engineer
“States are increasingly developing or releasing mobile apps for voting in elections. We saw the first allegation of an attempted hack of a mobile voting app in West Virginia. I predict we’ll see more widespread allegations of voter fraud via mobile apps in the coming election, along with more attempts by malicious actors to breach those systems.” — Jordan Thomas, Director of Customer Success
“The United States Census Bureau will use a (hopefully secure) mobile app to conduct the 2020 Census.” — Chris Cimaglia, Manager, Mobile DevSecOps Advocacy Team
“Having secure mobile applications will become a competitive advantage.” — Edward Nagai, Technical Account Manager
“Mobile-centric breaches will lead to four significant privacy fines for violating GDPR and CCPA.” — Brian C. Reed, NowSecure Chief Mobility Officer
“We will see an increased focus on protecting user privacy and ensuring user trust, primarily in financial services, healthcare and retail industries.” — Cory Thomas, Strategic Account Manager
“Interactive Application Security Testing (IAST) capabilities initially used for web apps will take hold in mobile app development shops. In addition, the separation between privacy and security will blur even more in 2020, prompting organizationes to ask their AST providers for more comprehensive solutions.” — Warren Smith, Vice President of Products
“Another mobile OS will enter the arena next year.” — David Weinstein, Chief Technology Officer
“Deployment of automated mobile appsec testing in the DevOps toolchain will double in 2020.” — Brian C. Reed, NowSecure Chief Mobility Officer
To stay abreast of the latest developments in mobile application security and DevSecOps throughout the year, get the news in your inbox twice monthly with our curated eletter, “All Things Mobile DevSecOps.” Sign up here.