Mobile app users have become more savvy about protecting sensitive personal information and regulations such as the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) restrict data usage and sharing practices. Developers can get ahead of regulatory action and improve the overall user experience by looking for ways to implement mobile app privacy features directly into their mobile apps. Here are six mobile app privacy features they should implement.
Many mobile app developers with the best of intentions have rushed COVID-19 apps to Google Play and the App Store to assist with contact tracing, symptom diagnosis and outbreak maps. But in the speed to get apps that can help fight the pandemic out to the public quickly, some security and privacy vulnerabilities went undetected prior to release. Because the sensitive nature of healthcare information creates unique security and privacy challenges, I advise mobile app developers and security analysts to heed the following advice to avoid fairly common security, privacy and compliance issues.
With the Android 11 preview beta being released last month, you may be scratching your head asking, “What did I miss in Android 10?” Developers will face a Nov. 2 deadline to update their mobile apps to accommodate a target SDK of Android API level 29 or higher. The addition of Scoped Storage ushers in noteworthy changes to external storage, otherwise known as public storage, SD card, shared storage, or emulated storage.
Many people have heard about mobile man-in-the-middle (MiTM) attacks but aren’t sure just exactly what they are or how they happen. Learn more including the development and security issues that can leave apps vulnerable to MiTM attacks, tips for testing and the layers of network defense that can help you avoid these issues.
OWASP’s Global AppSec DC 2019 takes place Sept. 9 – 13 in Washington, D.C. Find our picks for several training and conference sessions to build your knowledge about mobile DevSecOps and application security, book a meeting with us and visit Booth S7.
Managers can find guidance for mobile app security verification and testing requirements from the OWASP Mobile Security Verification Standard (MASVS). We recommend using MASVS as a starting point for developing a plan of attack and standardizing testing using the Mobile AppSec Model. Learn more about it here.