Organizations that build or maintain mobile applications have a greater responsibility than ever to protect their applications as the number of application downloads continues to grow.
In 2020 alone, 3.8 billion smartphone users accounted for 218 billion app downloads.
Last year, Zimperium conducted a survey of the security issues that 250 companies struggle with most in their mobile applications.
The biggest security issue for Android applications was a lack of runtime protection, at 93%; the figure for iOS was 79%. On iOS, lack of code protection stood at 94%, compared to only 63% on Android.
The other two most common problems were weak encryption, where both application types hovered at about 50%, and a lack of data protection, at about 26-38% for both device types.
The research showed that companies were concerned about the right things, such as keeping data safe, including in transit, and preventing theft of their own source code, but there is not enough focus on fixing these concerns, said Krishna Vishnubhotla, vice president of product strategy at Zimperium, in the recent SD Times Live! webinar “Top 5 Best Practices for Mobile DevSecOps.”
The reason is that many companies fear that implementing a security solution will result in a poor user experience, slow down development, and be difficult to use. However, this can be mitigated by asking the vendor whether these issues and concerns can be minimized or eliminated.
“People tend to look at mobile and think it’s a contained environment. There’s this feeling that it’s a bit more secure than the desktop,” said Adam Wosotowsky, principal data architect at Zimperium. “I was really surprised that it wasn’t true. From a security perspective, they wrap existing security in their apps, so I don’t think you need to worry too much. But the problem is that security. Everything is very easy to avoid.”
To increase security, organizations should consider the following:
- Make sure security continues to work when an attacker controls the device
- Limit the pool of people who can successfully hack your app
- Do not display the encryption key in plain text
- Once you publish your app, you need to visualize the threat
- Think like a hacker – apps are windows to infrastructure
For more information, see the SD Times Live! webinar “Top 5 Best Practices for Mobile DevSecOps.”
In mobile applications, security and usability are not mutually exclusive