Mobile App Development Often Ignores Security Measures

Sue Marquette Poremba

“Security is not baked into the technologies.”

I wish I had a dollar for every time a security expert said that or something similar to me as we lamented how difficult good cybersecurity is to maintain. The problem, they have repeatedly told me, is that the Internet and most applications were never designed with security in mind. It’s a concern that we’re going to see a lot more of with the rise of the Internet of Things because we know many of these devices were never meant to be hooked up to anything more than an electrical outlet.

However, these same security experts also expressed hope that, as we see the kind of damage that can be done via malicious behaviors and attacks, developers would incorporate security into new technologies and software.

Unfortunately, that’s not happening, according to a new study from IBM Security and the Ponemon Institute, at least not when it comes to the development of mobile apps. A formal release about the study stated that the report:  

Found that the average company tests less than half of the mobile apps they build. Also, 33 percent of companies never test their apps - creating a plethora of entry points to tap into business data via unsecured devices. While these numbers may seem shocking, they aren't surprising when considering that a full 50 percent of these organizations were found to devote zero budget whatsoever towards mobile security.

As an eWeek story pointed out, mobile apps are quickly becoming a hacker’s treasure trove:

Hackers are now taking advantage of the popularity of insecure mobile apps, public WiFi networks and more to break into the highly valuable data often housed on BYOD and corporate mobile devices. Further, they're also tapping mobile devices as an entry portal into an organization's broader, confidential internal network.

Corporations have the chance to really do something about the security of the apps they are developing and to show that they respect the personal data of their customers, clients and employees. But they aren’t. My first reaction is to ask if they have learned nothing from the recent spate of data breaches and the collateral damage done to companies. However, Target and the other breaches did not happen because of a security-flawed mobile app.

It’s bound to happen, though, as more commerce and business transactions take place on mobile devices, and I wouldn’t be surprised if a major security breach via a mobile app happens in the next six months. It would be a breach that could be prevented, though, if companies took app security more seriously or if security were integrated into the development and testing phases.

Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba

Mar 24, 2015 2:35 AM Daria says:
An App Is Not a Mobile Replacement of Your Website
Some people believe mobile applications replace websites and opt for applications, while others rely more on proven websites. Defining the purpose of websites and mobile apps, one soon comes to the realization of the importance of both.
Apr 2, 2015 4:17 PM Grant Harper says:
It is good to know that mobile app development doesn't have many security measures. This is incredibly helpful to me right now because I am planning on developing a good mobile app soon. I just want to be sure that the development of the app goes well and that there aren't any problems with it. When I start to develop it, I will try to be sure that it is very secure so that it doesn't turn into a huge issue. Thanks for the great post!
Apr 2, 2015 9:22 PM Tony Bui says:
The emerging trend of mobile payment raises a threat to sensitive data. With the launch of Google Pay preceded by Apple Pay, most application developers utilize NFC/Bluetooth technologies that power many mobile payments. Hackers can exploit vulnerabilities in those protocols to steal information from millions of transactions every day.
Apr 12, 2015 4:52 AM Mobile App Development Sydney says:
Yes, it is found that the average company tests less than half of the mobile apps they build and also, 33 percent of companies never test their apps, which creates a high chance of entry points to tap into business data via unsecured devices.
Apr 23, 2015 5:45 AM Coleen Ella says:
In the modern world every business and every website needs an app due to the increase of smartphone use. So security is essential for mobile apps to build strong relations between users and business.
Oct 11, 2016 11:40 PM dvlper says:
Nowadays all the people are using mobile phones to share their ideas and for various purposes, so mobile apps being developed are more important; this article gives good ideas for developing iOS apps for mobile; this is very useful for me to develop our own apps; I also provide the best mobile apps for iOS and Android; if you want to get more ideas, refer to our site mobile app development
