In 2014, mobile app security will be hard to peg down, because the rush to get new mobile apps will foment rapid development and release. Expect to see security problems as developers yield to the temptation to focus on features and neglect security, said Andrew Kellett, principal analyst, Ovum Research. Another research firm, Gartner Inc., predicts two-thirds of mobile applications will fail basic security tests between now and 2015.
Keeping mobile apps and the data therein secure will require constant up-front work in development, as well as constant vigilance of software technology and mobile device trends. In particular, watch trends in user authentication, biometrics, voice, fingerprint access and usage patterns, said Kellett. In this article, he and mobile security experts Domingo Guerra and John Overbaugh examine mobile app trends and usage that spell trouble.
Developers who rely on third parties to manage login credentials should pay special attention to the massive security breach and mobile app trends, some industry insiders say. Hackers who obtain login credentials for websites like Facebook and Twitter can potentially gain access to users' applications, according to Guerra, president and co-founder of Appthority, a company specializing in application risk management.
"Because of the growth in social media SSO [single sign-on] in the app ecosystem, an estimated 60% or more of the top apps leverage social media SSO and let their users log into the app with other accounts such as Facebook and Twitter," Guerra said. "Most of the use of social networking SSO is actually to facilitate social interaction, but by having the user log into an app with a Facebook account, the developer also gains instant access to some of the user's Facebook information."
Mitigating mobile security risks
Secure coding techniques have emerged over the years, Kellett noted, that have been effective and need to be applied to the mobile environment. "Quite a lot of folks are still at the stage where they are developing apps from the home office or the garage environment," he said. "There isn't anyone looking over their shoulder to make sure their techniques are up to standard and appropriate."
Mobile apps at forefront of technology
Using MBaaS for enterprise apps
Mobile app modernization needs rise