When developers create apps, it's fair to say that security is rarely the main focus. Often the key priority is to make the app functional and have it ready to hit the stores by the client's deadline. Unfortunately, this frequently means that apps hit the marketplace in an insecure state, ready to be exploited by hackers.
The statistics speak for themselves: a report from Nokia states that one in 120 smartphones across the world is infected with malware. News of hacked apps and scary security breaches hits the headlines on a regular basis, so it's in all app developers' (and definitely users') interests for their app not to be next on the list.
Here are three ways for app developers to manage these risks:
1. Promote security best practices to all involved in app development
Usually, many people are involved in app development - programmers, clients, internal user testers, and third parties. For the sake of convenience, it's often tempting to fall into lazy practices, such as allowing basic passwords to be used during testing. Unfortunately, it's easy for these to slip into live releases, leaving gaping holes in a production app.
It's the same with open ports. According to a Wired report from April 2014, thousands of apps leave smartphone ports open (or protected only by a hardcoded password) for the sake of convenience, creating a huge security flaw. Download numbers for some of these apps run into six or seven figures. Wise app developers should ensure everyone on their teams adheres to basic security principles and doesn't sacrifice them for the sake of other priorities.
2. Stay up to speed on the latest security threats
The world of cybersecurity moves fast, and there's always something new to be wary of. Ransomware has been a buzzword for a couple of years now. Security specialists Imperva bring the scale of ransomware into sharp focus, citing the FBI's description of it as "a $1 billion industry." They also report that 40% of businesses were hit in 2015 and 93% of phishing emails contain ransomware.
Such exploits (which usually lock down devices and encrypt data until the victim pays up) are booming in popularity, with ransomware attacks quadrupling in 2016 and estimated to double in 2017, according to SC Magazine. Ransomware is very relevant to mobile apps now too; Ars Technica recently reported on how an Android user was successfully infected with a sophisticated exploit called "Charger" via an app downloaded from the Play Store.
Ransomware may be the current big thing, but there will be a new one along in due course. Everyone involved in app development should remain fully informed about new security developments.
3. Monitor the security status of third-party tools and plugins
Most modern apps don't work in isolation. They'll have databases held in cloud services, use third-party APIs, and link into all kinds of other plugins and systems. Even huge companies like Airbnb and Netflix use Amazon Web Services.
Any one of these can prove to be the undoing of an app when it comes to security, so it's essential to remain aware of the security status of everything connected to an app. Any web developer who's had a site hacked due to a flaw in a third-party WordPress plugin will attest to the importance of this.
With all this in mind, security has to remain in focus at all times, even if it may impact the speed of development.