Whether you’re a novice mobile app developer, a seasoned mobile application security analyst or somewhere in between, here’s a roundup of 31 best practices to hone your secure coding and mobile appsec testing skills.
Mobile app users have become more savvy about protecting sensitive personal information, and regulations such as the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) restrict data usage and sharing practices. Developers can get ahead of regulatory action and improve the overall user experience by building privacy features directly into their mobile apps. Here are six mobile app privacy features they should implement.
Many mobile app developers with the best of intentions have rushed COVID-19 apps to Google Play and the App Store to assist with contact tracing, symptom diagnosis and outbreak maps. But in the rush to get apps that can help fight the pandemic out to the public, some security and privacy vulnerabilities went undetected prior to release. Because the sensitive nature of healthcare information creates unique security and privacy challenges, I advise mobile app developers and security analysts to heed the following advice to avoid fairly common security, privacy and compliance issues.
Enterprise software companies are building mobile apps that feature artificial intelligence (AI), augmented reality (AR) and other emerging technologies. Incorporating these advanced features in mobile apps helps businesses improve services, enrich the customer experience and gain a competitive edge.
Nearly all mobile apps interact with backend systems and require secure communications. One best practice for developers to safeguard network communications is to implement certificate pinning in their apps. Certificate pinning protects against attackers intercepting sensitive data via man-in-the-middle (MiTM) attacks.
As DevSecOps takes hold in organizations, there’s a noticeable difference in the maturity of application security testing practices for mobile apps vs. web. NowSecure sought to understand the role of DevSecOps in the mobile application development lifecycle by polling IT leaders about their release and testing practices. Consult this infographic to see how your organization stacks up against your peers and the top benefits companies have achieved by incorporating security testing into mobile DevOps.