Do We Worry Enough about App Security?
The reality is that as developers and app users we don’t focus on security nearly enough. Jon Evans of TechCrunch says as users, instead of worrying about it ourselves, we let the Facebooks and Googles of the world take care of it for us, which puts us—and the companies and apps on which we rely—in some treacherous territory:
Alas, right now it seems that many-to-most people value conformity more than privacy. What’s more, instead of worrying about security ourselves, we trust others—Amazon, Apple, Facebook, Google—to take care of it for us. As the great Bruce Schneier points out, in some ways we’ve regressed to a feudal notion of security.
… Security is, by its very nature, something most people generally hardly worry about at all—until and unless that one awful day comes when it’s the only thing they worry about. By then it’s usually too late to start taking it seriously.
As users we can certainly become more security-savvy. But more importantly, as app developers, security needs to be the uppermost priority. Security failures usually occur because of poor design and a lack of testing. Therefore, if there were more forward thinking during the design phase, developers would be able to produce better, more secure apps.
T.L. Neff of Wired finds that when it comes to development and security, “less is more” and forward thinking is essential:
Overall, users must include security factors while designing the app. Sure, you can be conservative about what you expose in the first place. Definitely consider some limits on what can be downloaded, and think about using graphical cues instead of text. By taking these kinds of steps, you’ll likely end up with apps that are more streamlined and user-friendly, and minimize security risks for your company.
The bottom line: Don’t approach security as a set of utilities you put in place after apps are deployed. You’ll get better security through more of a life-cycle approach where you design with security in mind, and also test for security.
It seems it will take a collective effort from companies, developers, and users alike to really improve mobile app security.
Looking for resources on mobile app security? The free white paper Security Testing offers security testing tips on common attacks, security tools, and ways to build a better QA team.