Security Risks Involved in Mobile Application Development
Mobile application development is one of the most progressive industries at present. It is the leading sector of the software industry in adding to workforce productivity and revenue generation. However, the industry has its critical side. Several security issues have been reported in mobile app development, especially where the apps interact with the backend core application areas of an enterprise. It is increasingly being realized that mobile applications serve a select few skilled & informed workers of an enterprise who make up the mobile workforce. But what about the other subset of an enterprise's employees, who have to be at the workplace to conduct business operations? In an attempt to facilitate both parts of the workforce, an organization may end up neglecting the intricate security details involved in mobile application development. Here we take a look at the security risks that mobile apps are prone to within an enterprise:
1. Security of Data on a Mobile Device - Mobile applications store their data on the local device, as this helps the apps perform better. However, this raises the possibility of security threats, as one can easily encrypt the stored data. Mobile apps use asymmetric algorithms, for which encryption & decryption are resource-intensive functions. A balanced approach, to help avoid security issues, would be to use symmetric algorithms to encrypt the data and then use the asymmetric keys to encrypt the symmetric key.
2. Password Issues - Mobile devices are usually small in size. This leads to enterprises neglecting the password policies used for the apps. While desktops used passwords of a minimum of 8 to 10 characters in length, this has come down to 4 characters for mobile devices. The security perspective is overlooked here, in the sense that a shorter password is easier to detect & learn.
3. Monitoring and Analysis of Security Issues - Incidents like failed logins, password changes, non-repudiations, and unauthorized access requests are security threats in the mobile app environment. Enterprises should monitor and analyze these incidents to close the loopholes in security.
4. Data Confidentiality - Within an enterprise, it is natural for data to be frequently transferred between different systems. Data security is often jeopardized in the process. Unlike with desktops & laptops, there are several intermediaries during the transfer of data from one mobile device to another. The integrity of the data may be lost in the process, especially if the intermediary mobile devices are in the hands of several workers. Solving this security risk is a challenge for app developers.
5. Device and Application Management - Employees may be transferred between different departments of an enterprise. When such a move takes place, they get access to several sections of the enterprise data through the use of different mobile apps. It is important for the enterprise to manage its devices and apps effectively to avoid the risk of unauthorized access.
Hence it is clear that, though mobile apps are necessary for the proper functioning of any enterprise, the same apps may sometimes pose security threats to it. An enterprise must avoid the pitfalls listed above to steer clear of the security risks involved in mobile application development.