Mobile app security (or lack thereof) is a big concern these days – for both developers and end users. But while the end user is somewhat at the mercy of the hackers, developers actually have steps they can take to mitigate the risk of a security breach. Among those steps is developing a hybrid app instead of a native app.
A while back, NetworkWorld.com ran a nice guest post by Michelle Drolet, founder of Towerwall, on some effective tips for testing the security of mobile apps. It’s a great read if you have the time, but the really interesting piece of content had to do with the future of hybrid apps. Take a look:
Companies are increasingly opting for the hybrid approach so they can cover a wide range of platforms, but also leverage the hardware capabilities of different mobile devices. Gartner analysts suggest that more than 50% of deployed apps will be hybrid by 2016.
As you may imagine, each type of app requires specific testing. In each case you’ll need to consider how to protect data as it travels across mobile networks. There’s always a split between what is actually deployed to the mobile device, and the central processing or data storage that’s deployed to a server. There’s a range of software out there designed to assist your IT department in testing an app’s security.
To cover all the bases and ensure effective penetration testing is carried out, your best option is to engage a third-party organization with the right expertise. They will put your app to the test, approaching it as a real attacker would — with no regard for how the system is intended to be used, just a determination to breach it.