How to Avoid a Mobile Security Disaster

It’s a burden constantly weighing on anyone involved with app development: is this app invading users’ privacy? Is it secure? Ideally, this is something app developers and business owners would mull over prior to launch. Yet more often than not, it hits hardest post-launch, when angry users vent in app store reviews and on social media.

Security is easy for developers to overlook, and when something goes awry, it is very easy for consumers to assign blame. Overcoming the immense challenge of mobile security takes a conscious effort from both developers and mobile users. Here’s a look at both ends of the spectrum, and best practices for minimizing mobile security risk:

For Developers:

Collect as little data as possible: Make users aware of the data you are collecting from them, and don’t let any surprises fall through the cracks. Being up front and honest about the data you store reinforces trust between the app and the consumer. With that being said, practice data minimization: only collect user data that is vital to the app’s functionality. The more of users’ information you request, the more likely they are to drop your app. Data minimization also reduces the risk of the information being hacked or misplaced, because data you never collected cannot be exposed.

Protect the data: Any data you need to store needs to be protected. Business Center Blog’s Lesley Fair, in her “12 tips toward kick-app mobile security”, says “If your app handles personal info, think about protecting or obscuring data — for example, by using encryption.” She also adds that if you have an app that communicates with a server, you should take appropriate measures to protect that as well.

Test: Another “kick app” tip is to make someone responsible for security. It is true that there needs to be a dedicated person on the development team handling security, but it’s important to remember that a single person cannot adequately find security vulnerabilities on their own. That dedicated person should find and manage a testing solution with real-world white-hat testers who can probe the app for all common vulnerabilities.

For Mobile Users:

Accept those mobile updates: As Raj Sabhlok of Forbes says, “Accept those mobile updates… fast!” Developers are increasingly homing in on improving app security by finding vulnerabilities, patching them and releasing updates. According to Sabhlok, “Vendors are increasingly focused on security in light of recent high-profile breaches. As a result, they are working fast and furious to deliver security updates. Unfortunately, users don’t update their mobile operating systems and applications in a timely manner.”

Password Management: We all know passwords are a no-brainer, but surprisingly it’s a step people often skip. As Sabhlok says, “In fact, implementing a passcode on your device is probably the strongest deterrent to a would-be hacker. Surprisingly, many people omit the easiest and quite possibly the most effective security mechanism there is.”

For mobile users and developers, a good analytics tool for measuring privacy and stability of an app is Applause. The free tool allows users to search for the app they want to download and see how other users rate it in the app stores based on privacy and stability, along with many other attributes. For developers, Applause gives a sense of how their app stacks up and how users feel about its privacy and stability.

