Mobile apps are collecting and utilizing personal private data at a rapid pace. The prevalence of these apps in the B2C space puts these data-gathering devices in the uncontrolled and unpredictable hands of consumers on a massive scale. Because of that, questions remain as to whether security best practices are sufficient to prevent breaches. If not, other measures must be considered to ensure customers are safe when using apps from their favorite businesses.
These are questions that have to be asked not only by IT personnel developing these apps but at every stage along the app creation and utilization timeline. App developers, mobile security experts, government regulators, and the creators of industry guidelines must understand the app types that create the most risk, how internal and external factors contribute to those risks, and what is currently being done to mitigate these issues. Clearly, more work is needed in this space.
Key findings include:
- Mobile applications are proving to be vulnerable, and there is no foolproof way to protect an app once it has been distributed to the general population. Care needs to be taken to monitor and protect the application as it operates in real time.
- App store monitoring and pre-distribution security evaluation can only affect an app if the app has not been compromised in the field.
- Increased industry standards and training on secure app design, data storage, and security testing are necessary to ensure consumer safety.
- App development frameworks need to be in place to provide both app-side and cloud-based monitoring of app activity.
- A full stack of security tools also requires server-side tools that can monitor incoming data requests for potential malicious activity from compromised or spoofed clients.