Skip to main content
App management icon

This post is from the Apperian blog and has not been updated since the original publish date.

Last Updated Mar 20, 2013 — App Management expert

7 Best Practices for Mobile Application Security

App Management

Users are downloading mobile apps from numerous app stores – some of which may not be legitimate. These rogue apps might carry malware or otherwise negatively affect business data. Additionally, even applications developed in-house can pose security risks if they’re not coded correctly, according to an article in TechTarget. Here are 7 best practices enterprises can implement for mobile application security:

 

  1. Implement security measures at the application layer. It’s up to the device manufacturers to develop more robust security settings. Doing this will let users adjust the security settings to their needs and preferences, notes security analyst Russ McRee. Users and/or enterprise managers must ensure that these features are used.
  2. Don’t limit tools to anti-malware. Behavioral analysis tools can also be used, McRee says. Theses tools, which are typcially free or inexpensive, “will scan your iPhone or iPad for installed apps and filter them in an ordered list based on various kinds of behavior such as location tracking, reading the address book, and battery drain,” he says. One such app from iTunes, called Clueful from Bitdefender, will tell you if you if your data is being encrypted and if apps anonymize you as a user. McRee says there are also free or low-cost tools for Android.
  3. Only download apps from trusted enterprise app stores. However, McRee says that’s not even 100% foolproof. Enterprises should assume that the unknown third-party mobile apps users download should not be trusted. Enterprises should restrict the use of synchronization services, and distribute organization-specific apps from a dedicated mobile application store, he says.
  4. Ensure the app does not save passwords. Apps that run on mobile devices should require users to enter their passwords every time they log on, says Brian Shura, president of App Security Consulting, in another TechTarget article. The app should be designed in such a way that it cannot store passwords, he says. “With desktop apps, allowing users to save passwords to speed up future log-ins is reasonable. In mobile apps, it’s not,” he adds.
  5. Encrypt data in transit. This is a simple step but one that is often overlooked, Frank Kim, founder of mobile application security consultancy ThinkSec, tells TechTarget. “In the rush to deliver mobile apps, developers are making a lot of the same mistakes they made with early Web apps,” he says.
  6. “Listen” to the traffic that flows between the mobile app and the Web server. Tools that let you view Web traffic are also good for mobile app security, Shura says. “Manually analyze the traffic and look for method calls that could be manipulated,” he says.
  7. Contain critical corporate data. You can use container techniques to help ensure mobile app security by downloading sensitive corporate data into a separate container in the mobile app, according to Kim. “That way, the app treats corporate as more sensitive than other data, such as pictures of your kids,” he says.

More from the Blog

View more
Apr 30, 2020

Mobile Application Management: A Forward View

App Management
  IT Is Adapting in the Midst of the COVID-19 Pandemic The Coron ...
Read More
May 19, 2019

Sneak Peek: How Are IT Leaders Driving Mobile App Adoption?

App Management
Apperian conducted the The Mobile Enterprise Application Survey to fin ...
Read More
Jan 30, 2019

Part 1: App Security Should Be an Integral Part of Your DevSecOps Process — Not an Afterthought

Application Security
What are the key considerations and components of DevSecOps? The in ...
Read More
Nov 19, 2018

Breaking Down the New California IoT Law

Application Security
Recently California passed legislation regarding the security of all I ...
Read More
Contact Us