Nobody wants to develop insecure mobile apps, but mistakes can happen when people move quickly to meet a release timeline. Familiarize yourself with the Open Web Application Security Project (OWASP) Mobile Top 10 common mobile application security issues and adopt secure coding best practices to boost quality. In addition, continuously test apps in the dev toolchain with SAST, DAST and IAST automated mobile application security testing.
Whether you’re a novice mobile app developer, a seasoned mobile application security analyst or somewhere in between, here’s a roundup of 31 best practices to hone your secure coding and mobile appsec testing skills. You can find useful advice from NowSecure experts in our twice-monthly “All Things Mobile DevSecOps” newsletter — subscribe now to be in the know.
Mobile app users have become more savvy about protecting sensitive personal information and regulations such as the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) restrict data usage and sharing practices. Developers can get ahead of regulatory action and improve the overall user experience by looking for ways to implement mobile app privacy features directly into their mobile apps. Here are six mobile app privacy features they should implement.
Many mobile app developers with the best of intentions have rushed COVID-19 apps to Google Play and the App Store to assist with contact tracing, symptom diagnosis and outbreak maps. But in the speed to get apps that can help fight the pandemic out to the public quickly, some security and privacy vulnerabilities went undetected prior to release. Because the sensitive nature of healthcare information creates unique security and privacy challenges, I advise mobile app developers and security analysts to heed the following advice to avoid fairly common security, privacy and compliance issues.
Enterprise software companies are building mobile apps that feature innovative technologies such as artificial intelligence (AI), augmented reality (AR) and other emerging technologies. Incorporating these advanced features in mobile apps helps businesses improve services, enrich the customer experience and gain a competitive edge.
Nearly all mobile apps interact with backend systems and require secure communications. One best practice for developers to safeguard network communications is to implement certificate pinning in their apps. Certificate pinning protects against attackers intercepting sensitive data via man-in-the-middle (MiTM) attacks. Learn more here.