Mobile Application Security focuses on the software security of mobile applications on various platforms such as Android, iOS and Windows Phone. This includes apps that run on both mobile phones and tablets. It includes assessing applications for security issues in the contexts of the platforms they are designed on, the frameworks they are developed with, and the intended user population (eg, employees vs. end users). Mobile apps are a critical part of a business's online presence, and many businesses rely solely on mobile apps to connect with users around the world.
What is Mobile Application Security?
More users than ever rely on mobile apps for most of their digital tasks over traditional desktop apps.
In 2015, in the US alone, users spent 54% of their digital media time on mobile devices actively using mobile apps.
These applications have access to large amounts of user data, much of which is sensitive data and must be protected
from unauthorized access.
All popular mobile platforms provide security controls designed to help software developers build secure applications.
However, it is often left up to the developer to choose from a myriad of security options. Lack of vetting can lead to
the implementation of security features that can be easily bypassed by attackers.
Importance of Mobile App Security
Developers understand the importance of mobile app security, but this is not widely understood. In addition to the rising rate
of mobile fraud, there are several other reasons why financial institutions should take mobile app security seriously and commit
to developing a comprehensive strategy.
Consumers need to be careful about the information they post and the data they download while surfing the Internet,
but marketers need to be vigilant as well. Mobile devices are almost always on, always close to you, and store a staggering
amount of personal information as well as sensitive data and documents. This can make them a treasure trove for attackers.
Mobile apps can be presumptuous in the permissions they ask for. For example, why might a weather app need access to your
camera or microphone? And could an attacker find a vulnerability in this application that gives them access to a camera or
microphone to conduct industrial espionage?
