Mobile app security risks climb as remote work increases
Security of mobile apps remains a key priority for business organizations of all sizes, particularly as remote work creates a surge in the use of mobile devices. With the growth of “bring your own device” policies, and the expansion of remote work, more employees than ever are using their personal smartphones and other devices for business-related activities and tasks.
A Gartner report on the use of global devices observed, “The integration of personal and business lives, together with a much more dispersed workforce requires flexibility of device choice. Workers are increasingly using a mix of company-owned devices and their own personal devices running on Chrome, iOS and Android, which is increasing the complexity of IT service and support.”
BYOD has been a challenge for many organizations since long before the start of the COVID pandemic. For instance, Trend Micro released a report in 2014 showing that more than 46% of enterprises that allowed employee-owned devices to access their network experienced a data breach. But the rise in remote work since 2020 has created an even greater proliferation of personal devices, with downloaded non-business apps, to access networks and data. With more employees connecting to company systems via home or remote Wi-Fi access, the security risks are affecting not just enterprise level companies but organizations of all sizes. As Forbes noted in an article about the rise in cyber attacks, “The rapid move to remote work made it hard for security professionals to keep up the pace with updating infrastructures to support an online-all-the-time, connect-from-anywhere workforce. It made networks easier to target with many employees working from home on unprotected Wi-Fi networks.”
Meanwhile, in their Mobile Security Index 2021 Report, Verizon reveals that, “More than one in five surveyed companies had experienced a compromise involving a mobile device in the preceding 12 months. And further, the severity of the consequences remained high.”
The Verizon report also showed that cybercriminals are finding new ways to infiltrate devices. The usual suspects—phishing, ransomware and malware—remain a top concern, but cybercriminals aren’t standing still. They are getting increasingly creative at finding new ways to fool users, break through companies’ defenses and compromise organizations’ systems and cloud-based apps.
For example, Verizon reports that system intrusion is one of the newer threats. “This new pattern consists of more complex attacks, typically involving numerous steps, Verizon warned. “The majority of these attacks involve Malware (70%), usually of the Ransomware variety, but also of the Magecart attack type used to target payment card data in web applications.”
As threats escalate and organizations implement more cautious security protocols, there is increasing pressure on software developers to make apps more secure during the development process.
User demands driving faster app delivery
Along with security concerns, demand from users for optimal UI and faster apps is also pressing software development teams to deliver faster and more frequent releases. As DevOps.com notes: “The shift to agile software development and continuous deployment methodologies is another factor ratcheting up pressure on developers to create new apps in weeks, or even days, without sacrificing quality.”
The pressure to shift app security further left in the development pipeline means that app security best practices have shifted to a more substantial approach. According to an InfoQ report, “In order to secure mobile apps, a multi-layered and comprehensive security defense is required… mobile app security must be automated, rapid, continuous and iterative, as well as guarantee-able and auditable. In other words, mobile app security needs to evolve to fit the way developers build apps and not the other way around.”
Continuous delivery automation testing solutions are a key part of the app security best practices that are helping software organizations deliver safer and more secure apps.
Evaluating a continuous testing and automated testing tool
As software features need to be delivered more quickly to meet demand, continuous testing and automated testing solutions can ensure that apps are more secure during the development process, well before they are launched in the App Store or on Google Play.
A comprehensive mobile app testing solution will be multi-layered and include both manual and automated testing. Also, continuous testing can ensure that testing is more effective. As Tech Beacon explains, “Testing should be combined with benchmarking against industry standards and user expectations to be sure that what seems acceptable to developers is also acceptable to users. Testing should also occur on a continuous basis. Monitor performance and look for user feedback suggesting problems, and then fix things as soon as possible.” Continuous testing is most effective when conducted at various stages throughout the software development pipeline.
Another key piece of mobile app testing involves complete testing on physical devices. As DevOps.com recently stated in an overview of mobile apps testing, “Unlike traditional apps, mobile applications need to be tested on dozens, sometimes hundreds of devices to ensure they run anywhere. The proliferation and ubiquity of mobile devices mean developers need to test on more than 350 devices just to cover 90% of the mobile device market.” Unit and regression testing on devices should also include multiple variations of iOS and Android devices, and on different network and environments.
Finally, advanced mobile app testing solutions often include AI-empowered analytics that work to analyze risk threats through data correlation and detect bugs during the development process.
Digital.ai Continuous Testing solution allows software development teams to perform mobile testing continuously and provides access to thousands of real physical devices. To learn more, visit: https://digital.ai/continuous-testing