Companies that build and use mobile apps need to keep the security of their apps front and center --- but you'd be surprised at how frequently the most basic app security steps aren't taken. Insecure apps not only pose risks to businesses, but also chase away potential customers.
To make sure that your apps are as secure as possible, keep in mind these top five tips from Modern Mobility.
- Require that users have passwords. If the app is business-facing, make sure that passwords are required to use it. If a password isn't required, it's easy for anyone who gets their hands on the app to get into sensitive corporate data. And don't just require a password --- make sure that there are minimum complexity requirements for it as well.
- Limit an app's data access permissions. When someone installs an app, the app asks for permissions to access user data, such as contacts, the app's hardware, and more. Make sure that any apps you create ask only for data that's absolutely vital. If it's a consumer app, requesting access to too much sensitive information can scare away customers. And giving apps access to sensitive data can lead to data leaks.
- Don't allow sideloading. A sideloaded app is one that can be downloaded and installed outside of device's native app stores, That's a problem because sideloaded apps don't go through normal security checks used by stores. IT should ban any company users from using sideloaded apps. In addition, IT shouldn't let its own apps be sideloaded, because a hacker could infect the app --- and then the enterprise would be held to blame for the damage the hacked app did to consumers.
- Check iOS vulnerabilities. Android is much more susceptible to malware than iOS, so many companies focus their mobile security efforts on Android. But iOS can be infected as well. Pay attention to measures to secure iOS apps.
- Keep mobile OSes up to date. Every time a mobile operating system like iOS or Android is updated, it comes with a host of new security patches and features. Companies should ensure that all mobile devices are kept up to date.
Comment