The mobile revolution is in full swing. According to Gartner, 821 million mobile devices (smartphones and tablets) were sold in 2012. That number is expected to reach 1.2 billion next year. For those devices, there are 700,000 apps in each of the Apple App Store and Google Play, 120,000 apps in the Windows Phone Store and around 100,000 BlackBerry apps – billions of downloads in all. And yet, developers are still struggling to grasp mobile app testing and mobile application security.
Mobile security is both similar to and totally different from existing security practices. The mobile ecosystem presents a larger testing matrix than either desktop or web testing. It offers challenges testers haven’t encountered before, but it also presents some of the same security vulnerabilities testers are already acquainted with (mobile websites have the same vulnerabilities as traditional websites). And like all security testing, mobile security requires attention to the “Big 6” security factors:
- Confidentiality: Does the app keep private data private?
- Integrity: Can the data be trusted and verified?
- Authentication: Does the app check to see if you are who you say you are?
- Authorization: Does the app properly limit privileges?
- Availability: Can an attacker take the app offline?
- Non-Repudiation: Does the app keep a record of events for later verification?
These factors – and mobile security as a whole – are particularly important because people carry mobile devices just about everywhere. While people carry these devices all the time, they often don’t consider how the devices have changed since their days as simple closed-system phones. Nobody expects their phone to be hacked. But contemporary mobile devices are much more complicated and vulnerable machines, resembling home computers more than the cellphones of the 1990s. Unfortunately, people trust their computers to a fault – and mobile is no exception. Because of this casual consumer approach to mobile, users will put the onus of security on developers and apps.
Learn about mobile security factors like:
- Mobile Networks: Mobile data travels over many different networks
- Privacy & Data: How to protect your users’ information
- Native Apps vs. Mobile Web: Each requires unique security testing