Many users of mobile apps don’t worry much about the security and privacy of their data. What matters most to them is that the apps make their life more convenient. If their past app experiences were free of security problems, they will assume that their current apps are safe as well. However this implicit trust is misplaced because the inexperience or naivete of many developers has caused the release of apps with woefully inadequate security. Here are five important security tips for mobile app development:
Don’t Ask For Unnecessary Information
Information can’t be intercepted or stolen if it isn’t transmitted or stored in the app in the first place. Give information requirements careful thought. Does your app use all of the information requested from the user? Can it make do with less?
Always Require Password Entry When The User Logs In
Mobile devices often get lost or stolen. Apps that remember the user’s password to make future logins more convenient remove an important barrier to accessing the user’s confidential data.
Encrypt Transmitted Data
The security concerns about data interception when a browser interacts with an unsecured website that doesn’t use encryption also exists with applications that transmit data. An app user’s login information and other transmitted personal data can be intercepted in an unsecured public Wi-Fi.
Use Strong Encryption Algorithms And Protocols
Use accepted encryption algorithms and protocols rather than your own in-house versions. “Accepted” in this case means it’s currently accepted by the security community.
Consider Requiring Strong Passwords
Weak passwords are often used out of convenience. If your app stores sensitive user data, consider using a password strength checker to either encourage or require the user to use strong passwords. Security trumps convenience if compromised user data can cause serious harm. Finding the right balance between usability and security will require careful analysis.
While these security tips are important, they are not a comprehensive list. For more information about mobile app security and app development in general, contact us at Spiralogics.