Both Android & iOS Struggle with Mobile App Security

When you think about bad mobile app security, Android tends to come to mind. The open nature of Android makes it (theoretically) easier for malicious apps to find their way into the app store and onto users’ devices. While intentionally malicious apps may be a problem for Android, when it comes to data leaks and the loss of personal information, iOS is actually a bigger security offender, according to Veracode’s recent State of Software Security report. From Computer Weekly:

Surprisingly, 26% of Android apps exhibited information leakage bugs, compared with 42% on iOS. This covers the leakage of personal information such as email, text messages, GPS coordinates, and the content of users’ address books.

“When you install Android, it requests access to certain phone functionality. The app developer has to request explicit access, while on iOS a developer does not have to request access,” said [Chris Eng, vice-president of research at Veracode].

Even when developers take the extra steps to make their apps secure, their approaches may be misguided. Trying to build in cryptographic keys to protect user data can actually make security worse if not done correctly. This issue is troubling for both major operating systems.

Overall, cryptographic issues affected a sizeable portion of Android (64%) and iOS (58%) applications.

The report warned that using cryptographic mechanisms incorrectly can make it easier for attackers to compromise the application. Cryptographic keys are used to protect transmitted or stored data.

It found that in some applications, developers had hard-coded a cryptographic key directly into a mobile application. Should these hard-coded keys be compromised, any security mechanisms that depend on the privacy of the keys are rendered ineffective.

Mobile app security is complicated. Developers and testers need to keep working to understand the issues and learn how to best address them.
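A simple source check for the hard-coded key problem the report describes, as an added example (not code from the Veracode report or from this blog): a Python scanner run over Java source. The sample source, rule names and regular expressions are constructed for illustration, and the `good()` method shows the Android Keystore pattern the scanner should leave alone.

```python
import re

# Constructed sample of Android-style Java source; not from any real app.
SAMPLE_JAVA = '''\
public class Vault {
    private static final String API_KEY = "c2VjcmV0LWtleS1mb3ItZGVtby1vbmx5IQ==";
    private static final String KEY_HINT = "Enter your key to continue";
    private static final byte[] aesKey = {0x13, 0x37, 0x42, 0x00};
    SecretKeySpec bad() {
        return new SecretKeySpec("0123456789abcdef".getBytes(), "AES");
    }
    SecretKey good() throws Exception {
        KeyStore ks = KeyStore.getInstance("AndroidKeyStore");
        ks.load(null);
        return (SecretKey) ks.getKey("vault-key", null);
    }
}
'''

RULES = [
    # A string literal passed straight into SecretKeySpec ships in the binary.
    ("literal-in-SecretKeySpec",
     re.compile(r'new\s+SecretKeySpec\s*\(\s*"([^"]+)"')),
    # Key-like name assigned a token with no spaces (base64/hex shaped).
    ("secret-named-string",
     re.compile(r'\b\w*(?:key|secret)\w*\s*=\s*"([A-Za-z0-9+/=_-]{16,})"', re.I)),
    # Key-like byte array initialised inline.
    ("secret-named-byte-array",
     re.compile(r'byte\s*\[\]\s*\w*(?:key|secret)\w*\s*=\s*(?:new\s+byte\s*\[\]\s*)?(\{[^}]*\})', re.I)),
]


def redact(literal):
    """Keep findings out of CI logs: show only a short prefix and the length."""
    return f"{literal[:4]}...({len(literal)} chars)"


def find_hardcoded_keys(source):
    """Return (line_number, rule_name, redacted_literal) per suspected key."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for name, pattern in RULES:
            match = pattern.search(line)
            if match:
                findings.append((lineno, name, redact(match.group(1))))
                break  # one finding per line is enough for triage
    return findings


if __name__ == "__main__":
    for finding in find_hardcoded_keys(SAMPLE_JAVA):
        print("line %d: %s: %s" % finding)
```

The prompt string `KEY_HINT` is skipped because it contains spaces, and the Keystore lookup is skipped because no key material appears in the source.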

Mobile Malware on the Rise (again)

In the business world, a year-over-year growth rate of 163% is cause for celebration. In the world of mobile malware, a 163% growth rate is cause for consternation. If we are to believe a recent study from mobile service provider NQ Mobile, that’s the present situation for the Android operating system – and it’s probably going to get worse.

Here’s TechCrunch with the story:

Trends indicate we’ll only see more attacks, and more creative ones, according to NQ. In February, security researchers identified a new type of malware that uses an Android device as a launch platform for infecting a target computer via USB connection, the company said. That remains limited to only a few identified infected handsets, but it’s a troubling attack vector that could pose plenty of problems down the road if it becomes more sophisticated. In a release, NQ Mobile co-CEO Omar Khans said that what’s needed is a system that can detect threats in advance of infection and prevent them, something which so far hasn’t really been widely available.

NQ Mobile’s report found that more than 32.8 million Android devices were infected over the course of 2012, up more than 200 percent from 2011. Of course, the general Android device population grew massively over the course of the year – a recent ABI Research study indicates that there will be over 798 million active Android devices by the end of the year, compared to around 300 million as of early in 2012. And the U.S., despite having a large chunk of the overall user population, is actually further down the list in terms of target countries, with just 9.8 percent of infected devices, compared to 25.5 percent in China, 19.4 percent in India and 17.9 percent in Russia.

Read the Rest >>>

Do Men And Women Use Their Mobile Apps Differently?

An article today on Wired that piqued my interest was about the difference in how men and women use apps. While “the most well-known and popular apps in the App Store tend towards a 50-50 gender ratio split,” it appears that the way in which men and women use the apps shows some interesting differences. Stereotypical findings still exist: most sports and automotive apps are downloaded by men, and women are downloading far more catalog apps. Still, some anomalies presented themselves. I’d like to share with you some of the interesting stats I found.

  • Catalog Spree reported that men are ever so slightly (about 2-percent) more likely to actually purchase items through mobile apps than women are
  • Venmo, an app that lets you easily send and receive payments from friends, reports that 60-percent of its users are male.
  • Mobile marketing firm Velti found that men purchase 11-percent more virtual goods than ladies.
  • According to Storm8, the sixth largest grossing mobile app publisher of 2012, their gaming titles in this category feature a 75-percent male userbase. However, Storm8 sees 80 percent of downloads coming from women for “social arcade” category of gaming, things like Bubble Mania or jewel-matching titles.
  • A larger percent of ladies download books on their mobile devices than fellas, according to Flurry Analytics.
  • Photography apps skew more male on iOS (strong on the iPhone, moderate on the iPad), while they lean moderately more female on Android.

I would have to agree with Christina Bonnington, the author of the Wired piece, that although some of these stats are interesting, they still seem to point out that men and women use their mobile devices pretty much in the same way: “both men and women are using their devices for reading content, for playing games, for making purchases, and dozens of other purposes.”

Infographic: A Comprehensive History of Android Versions

Cupcakes, froyo, ice cream sandwiches and jelly beans are all delicious! They’re also all Android operating system versions. Over the years Android has released 39 public updates to their OS. What did each update add to the platform? When did your favorite feature hit the market? Learn all about the history of the Android versions in this infographic put together by Kinvey.

Android Version Timeline

Mobile App Downloads Increase by 11% in Q1

What does the app economy look like at the start of 2013? According to a Q1 report from analyst firm Canalys, downloads are up, markets are growing in new locations and Google and Apple are still on top. The report looked at the app stores for Google, Apple, Windows Phone and Blackberry in more than 50 countries. Overall, 13.4 billion apps were downloaded in the past three months, an 11% increase over the end of 2012.

If you’re an app developer or tester, where should you be focusing your mobile efforts? Here’s a breakdown:

  • Some of the strongest growth was seen in emerging markets, such as South Africa, Brazil and Indonesia
  • App downloads in North America and Western Europe increased by 6% and 10%, respectively
  • Google Play saw the most downloads – accounting for 51% of downloads from the four major stores

Though Google and Apple still dominate the app market, Tim Shepherd, Canalys Senior Analyst, believes Windows Phone and Blackberry are still in the game. They need a fair bit of work to steal away market share, though, Tim cautioned in the report.

BlackBerry 10 now has more than 100,000 apps available through its storefront, showing good growth from the 70,000 it boasted at launch, and the new devices on the platform have given BlackBerry a much greater chance to compete for consumer attention. Its app story is going from strength to strength, but there is no room for complacency. Microsoft, with the help of partners such as Nokia, is also making good progress attracting some important titles to the Windows Phone platform, but it too needs to do more to make building apps for its platform a priority for developers and also do a better job of marketing and communicating the already established strength of its app story.

So if you want to be in the midst of the mobile testing needs, focus your time on Android and iOS testing. Don’t forsake Windows Phone or Blackberry, though: if those OSes continue to grow, testers are going to be in high demand, especially since they’ll be less common.

If you’re a tester in emerging markets like South Africa, Brazil or Indonesia, invest in your mobile collection and brush up on your testing skills. The mobile app ecosystems in those areas are taking off, which means testers will be busy.

Benefits of Facebook Home for Android

All this talk about Facebook Home for Android has piqued my curiosity. As a new Android convert and a Facebook junkie, it seems logical that I would gravitate towards this. However, I find all the information out there is negative criticism: everything from security issues to how Zuckerberg’s announcement was reminiscent of Microsoft in 2011 (see video).

But, for those of us with an Android phone, and who love the capabilities of the Android, this could be a great thing! A recent post on AndroidAuthority highlights some of the benefits of this marriage.

  1. Android dodged a bullet by creating software that runs on top of Android and not forking Android, like the Amazon Kindle Fire: “(Android) has further cemented its position at the top of the mobile ecosystem”
  2. “Facebook has just become one (if not the most) powerful Android ally.”
  3. “Custom launchers will become much more popular, and thus a real advantage in the market for Google, and not just another paragraph in “top 10 reasons Android is better than iOS” articles.”
  4. “Love it or hate it, the concept will surely make a lot of impact on the market.”

Personally, I am excited for it, but what I really want to know is what you think about it. Tell us in the comments!

How Mobile is Changing Software Testing

Jennifer Lent is the site editor for TechTarget’s SearchSoftwareQuality.com. She is a treasure trove of mobile application dev and testing news. If you have some time to kill and want to learn more about the rise of mobile and how it’s changing companies and their development approaches (particularly in enterprise), go through her archives.

In the meantime, here’s a look at four major changes mobile has forced upon the traditions of software development, as highlighted in Jennifer’s article “‘New Normal’ Emerging as Software Teams Go Mobile.” (I think you, dear readers, will particularly enjoy the third point.)

Mobile demands shorter delivery cycles

Delivery cycles for Web projects range from nine months to 12 months, according to Michael Gilfix, director of enterprise mobile at IBM. “Mobile projects run three to six months,” he said. Independent software consultant Howard Deiner said two months is more like it.

More software updates for mobile projects

“In mobile, you release continually,” [IBM's Gilfix] said. A key reason for continual releases is the constant changes in mobile handsets — not just new devices, but also new versions of the iOS and Android mobile operating systems. “Release managers have to wrap their heads around that,” he said.

1:1 dev-to-tester ratio rules

One tester for every developer on the project is largely the result of the complexities of mobile testing. Quality assurance (QA) pros must take into account the multiple devices, mobile operating systems and versions of those operating systems — as well as connectivity conditions that vary widely, depending on the mobile user’s location, [Ojas Rege, vice president of strategy at MobileIron] noted.

Mobile apps help software teams get serious about security

“Software teams working on Web apps never embraced security wholeheartedly,” [Theresa Lanowitz, Voke Inc. analyst] said. “For 10 years we’ve been having this discussion about who is responsible for application security, and we have not made a lot of headway.” But now, mobile apps are driving the need for security testing. Maybe, finally, we’ll embrace security in the enterprise, and that would be good for the security of all apps, she said.

Read the full article at TechTarget >>>

It’s clear that Jennifer, and everyone she interviewed for this article, understands and appreciates how different, complicated and ever changing mobile app testing is. Sure, the basics are the same as all software testing, but there’s a lot more to consider when it comes to mobile. Companies need to change their approach to development and QA if they want to keep up.

Seven Tools to Improve Your Mobile App

The hammer did not make the top seven list.

VentureBeat recently posted a guest blog by Xanadu founder and product strategist Mariya Yao titled, “7 tools to make your mobile app suck less.”

We found it to be a great article – not only because it mentions using uTest, but because we agree these are some of the critical components to making apps that delight your customers.

Here are the tips from Yao:

  1. Get a professional evaluation – Yao specifically listed “services like uTest.”
  2. Check if people get your value proposition – Why should people care about your app? Clue can help.
  3. Track the right metrics – This is exactly why uTest acquired Apphance and built Applause.
  4. Record real users as they try your app – We love this bullet and like to think we know a thing or two about in-the-wild testing.
  5. Use heat-maps to track user actions and paths – Yao listed Heatma.ps as a tool for this.
  6. Split-test different design assumptions – Yao highlighted Swrve, LeanPlum and Arise.io as valuable tools.
  7. Discuss your design feedback with your team – Yao recommended Notable.

Question for our readers – what other tips or tools should be included in this list?

Is Apple’s Encryption better than FBI Decryption?

How’s this for mobile security? Ars Technica posted an article yesterday on the fact that Apple’s iMessage encryption is proving to be a huge challenge for the FBI. Here’s a quick excerpt from the article:

The CNET report cited an internal government document discussing a criminal investigation in February. It warned that because of the encryption, “it is impossible to intercept iMessages between two Apple devices” even when agents have obtained a court order. The Drug Enforcement Agency “Intelligence Note” said iMessage stymied the ability to perform real-time electronic surveillance under federal wiretap statutes. Text messages already obtained from Verizon Wireless were incomplete because the investigation target used the Apple service. “It became apparent that not all text messages were being captured.”

CNET originally covered the issue and included a link to Johns Hopkins research professor Matt Green’s blog post. Green, a cryptographer, contends that iMessage is very widely used, very complicated and “that the full protocol has never been published by Apple or vetted by security experts.”

Why are those three items important?

According to Green, complication means “lots of places for things to go wrong.” The fact that the protocol has not been vetted by experts means nobody outside of Apple really understands the potential threats, flaws or whether or not Apple themselves can access the information. The fact that iMessage is so widely used (millions of users) simply compounds the urgency and cost of the potential security flaws.

Are Android Users Not Using Their Handsets?

Recent studies have shown an interesting trend in the way in which iOS and Android users consume data and use their handsets over Wi-Fi connections. Although Android dominates the marketplace, it appears that iOS devices captured over 61% of mobile web traffic. That is a staggering statistic when you look at the fact that “in the fourth quarter of 2012, Android made up 70 percent of the smartphone market according to IDC’s numbers. iOS held a mere 21 percent. Gartner’s estimates for the same period show the same breakdown.” (Read the full article on Wired.)

The statistics for in-flight Wi-Fi follow the same trend too, where researchers are seeing iOS making up 84% of the usage. However, there are several factors that come into play here. First of all, iOS dominates the tablet space and half of all in-flight Wi-Fi traffic comes from iPads alone. It is also important to note that over 41% of iOS users tend to be considered affluent and therefore can afford the charges that accrue when using in-flight Wi-Fi.

Another factor that comes into play in this overall trend is that Android users tend to use their devices on cellular networks more than Wi-Fi. Android users are on the go and using their devices in shorter bursts, whereas iOS users tend to settle in for longer stints on their device through a Wi-Fi connection. As an Android user myself, I see this to be the case. I am always on the go and I find using the cellular network, on which I have unlimited data, to be more reliable. This, of course, skews the data slightly in favor of iOS devices because the majority of these studies were conducted on the usage of devices on Wi-Fi.

It is also interesting to note that, according to the Wired article, “this odd usage discrepancy between iOS and Android could be disappearing though. A survey published in March questioning Galaxy S III owners and iPhone owners found very little difference in the way they use their mobile devices.”

So how do you use your device? Wi-Fi or Cellular Network? Android or iOS?