About 180 billion downloads of mobile apps: that’s an astonishing figure, but it’s a reality. According to Statista, that’s how many times people will download apps on Android, Windows and iOS devices in 2015.

But there is more. Statista’s data shows that in 2017, we can expect approximately 270 billion app downloads. Mobile apps are one of the fastest growing businesses: in 2009 the number of downloads was 2,500 million, a number that will be 100 times bigger in less than 2 years from now.

1.6 million apps are currently available from the Google Play marketplace, while 340,000 are available for Windows Phone users. Apple’s App Store, meanwhile, reported 100 billion cumulative downloads between July 2008 and June 2015.

Many of these apps are free, while others cost money. One thing they have in common? They all access a small or a big piece of your personal data. Are you sure that you are sharing your personal details with a trustworthy application? Does your favourite app leak your personal data? Do the organizations that collect your personal data through mobile apps protect it well enough?

Your mobile is not just a phone, it’s much more. It is a complex device that allows you to access the Internet, buy products, check your bank account or even control your home appliances. It is arguably the most important belonging you have because of the information it holds. It is the key to accessing your personal life, the tool that puts you in touch with your most important data.

Cyber criminals know that, and they will try everything possible to steal your data, from creating malicious apps to embedding malware in trusted and legitimate applications and distributing the modified versions through unofficial channels (beware of cracked apps).

What should mobile app developers do?

First and foremost, all developers must be aware of the typical security risks that affect mobile applications. To be able to develop secure-by-design mobile apps, we strongly suggest you read the OWASP Mobile Security Project - Top Ten Mobile Risks. This project highlights the most common security issues that affect mobile applications which have not been developed with security in mind.

But when it comes to developing secure mobile applications, where should you begin? Bring IT Security into your Software Development Life Cycle (SSDLC) by making sure that security concepts and processes are taken into consideration from the earliest stages of the Software Development Life Cycle. You need to consider whether your security measures are sufficient during each and every stage.

  • Follow a Secure SDLC approach. Do this by making sure that your product development team is trained to follow the best practices for secure development throughout the entire development process.
  • Gain extra assurance that your secure approach to Software Development has given you the right results by running recurrent application security testing.
  • Patch all identified security issues and provide new releases of the app as soon as possible. Notify your clients and possibly force them to download the updates.

What should app users do?

If you are the end user of an app, then here is a short checklist that will help you to manage your applications and do the right thing when you decide to install them onto your device. When you install an app, you are exposed to several risks, so make sure that you take your time before installing software onto your device.

  • Don’t download apps from websites that you are not sure of. Trust the most common sources (Google, Apple, Windows) and give priority to their approved apps.
  • Double check which rights the application asks you to approve. If you do not think that certain rights are necessary, do not approve them.
  • Search the Internet for the app name and security issues / privacy issues related to it. You might discover facts about it that are reported only in forums and communities.
  • Read the app’s privacy notes and find out what level of responsibility the creators of the app are willing to take. A company that takes full responsibility for the privacy of their customers’ data is most likely to be trustworthy and very much aware of what they are doing to protect you.
  • Make sure your OS is up to date. If not, update it to the latest, and arguably most secure, version.
  • Do not jailbreak or root your device if you are not 100% aware of the potential consequences on your privacy.
  • Beware of public Wi-Fi networks, as your data may be stolen by criminals (take a look at this experiment).

Invest in Secure SDLC best practices

This is probably the most effective decision you can take. Secure Software Development Life Cycle is a discipline that merges the ability and methodologies of software and app development with the knowledge of cyber security experts, in one process from the earliest stages of your app development.

Going through the various steps of your SDLC in a secure way is not as difficult as you might think. You can get your team trained by SSDLC experts so that it stays constantly in control of your application, designs it in a secure way and is able to spot weaknesses that could lead to security issues.

Make sure that you develop secure software. Find out more on how to do this by getting in touch with our team of experts.

Written by Marco Borza

I am the Founder of Advantio.
Technology has been my passion since I was a kid; when I first heard the handshake of an old 300bps modem I realised security would be key in an interconnected world. Since then it has become my passion and primary focus.
The reason why I've started my own business is to make IT Security simple.

Certifications: CISSP / CCSA (Checkpoint) / ITIL Foundations / ACSA (ArcSight) / Linux+ / PCI-QSA / PA-QSA