Developers Beware: Poor Coding Practices Results in Poor Mobile App Security

Enterprise organizations interested in developing their own mobile apps would benefit from reading HP Security Research’s new Cyber Risk Report 2015. The report presents an in-depth look at enterprise IT security overall and, like other security reports, it covers mobile app security and the threat of mobile malware.

But what is particularly chilling is the report’s findings on security vulnerabilities that result from poor coding practices. It’s worth quoting HP’s summary of poor mobile app security in full:

“The primary causes of commonly exploited software vulnerabilities are consistently [sic] defects, bugs, and logic flaws. Security professionals have discovered that most vulnerabilities stem from a relatively small number of common software programming errors. Much has been written to guide software developers on how to integrate secure coding best practices into their daily development work. Despite all of this knowledge, we continue to see old and new vulnerabilities in software that attackers swiftly exploit. It may be challenging, but it is long past the time that software development should be synonymous with secure software development. While it may never be possible to eliminate all code defects, a properly implemented secure development process can lessen the impact and frequency of such bugs.”

How do these programming errors play out in the world of mobile app security?

Big Threats From Bad Coding Habits

The report’s ranking of the top five mobile vulnerabilities stemming from poor coding practices is:

  • Privacy violation: 74%
  • Insecure storage: 71%
  • Insecure transport: 66%
  • Insecure deployment: 62%
  • Poor logging practice: 47%

These results point not only to poor mobile app security but to violations of broader corporate security policies and best practices. More specifically, and more troubling, the top findings mean that enterprise data is insufficiently protected both at rest and in transit. Should enterprise data, which often contains sensitive information such as intellectual property, financial information, and personally identifiable information (PII), be compromised and accessed by unauthorized users, the result is damage to the company’s brand equity, loss of customer loyalty, and likely compliance violations.

So, what do poor coding practices and insufficient mobile app security look like in practice? On closer examination of mobile apps, the following common problems were reported:

  • Insecure storage due to insufficient data protection: 54%
  • Poor logging practice: 47%
  • Weak cryptographic hash: 43%
  • Missing jailbreak detection: 37%
  • Known mobile attack surface fingerprint: 34%

The report also found that mobile apps often misuse geolocation, potentially disclosing confidential location data, and that they allow screen caching, which can leave sensitive on-screen content behind in cached screenshots.


What Are Secure Coding Standards in Mobile Apps?

Secure coding standards in mobile apps refer to best practices and guidelines for developing mobile applications that are secure and protected against malicious attacks. These standards help ensure that an app is safe to use and prevent attackers from gaining access to the user’s personal data. Examples of secure coding standards include input validation, encryption, authentication and authorization, secure data storage, and the use of secure communication protocols.

5 Measures to Include in Your Secure Coding Best Practices Checklist

Secure coding is a vital part of achieving good software security. By following secure coding best practices, developers can prevent potential vulnerabilities and cyberattacks on their code. All developers should use a secure coding best practices checklist to ensure their code is as secure as possible. Here are five measures to include in your secure coding best practices checklist:

  1. Use standard security libraries: Use current, well-vetted versions of standard security libraries rather than home-grown cryptography, so the code meets industry-accepted standards and receives security fixes.
  2. Adopt secure coding practices: Secure coding practices include using modern language features such as type-safe languages, making sure that error handling is robust and that logging never records secrets, and validating and sanitizing input to avoid injection attacks.
  3. Use automated source code analysis: Automated source code analysis can help detect errors and security flaws in code.
  4. Perform vulnerability scans: Periodically perform vulnerability scans on the code to identify potential vulnerabilities.
  5. Encrypt all sensitive data: All sensitive data should be encrypted and stored securely in order to prevent unauthorized access.
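As an added example (not code from the HP report or the original article) of what two of the reported findings look like in code, here are a weak password hash and an unredacted log line beside their hardened forms, covering the “weak cryptographic hash” and “poor logging practice” findings above and checklist items 1 and 2. It uses Python’s standard hashlib and hmac modules in place of a mobile platform’s crypto APIs; the iteration count, the sensitive-key list and the sample field values are assumptions for the example.

```python
# Added example (not code from the HP report or the original article): the
# "weak cryptographic hash" and "poor logging practice" findings side by side
# with hardened equivalents. hashlib/hmac stand in for whatever platform
# crypto API a real Android or iOS app would call.
import hashlib
import hmac
import os
import re

# ---- Finding: weak cryptographic hash ------------------------------------
# Vulnerable: unsalted MD5 of the password, compared with ==.
def weak_store(password: str) -> str:
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def weak_verify(password: str, stored: str) -> bool:
    # Deterministic and fast: the same password always yields the same
    # digest, so a leaked store is cracked with precomputed tables, and
    # == short-circuits on the first differing byte (timing side channel).
    return weak_store(password) == stored

# Hardened: PBKDF2-HMAC-SHA256 with a per-entry random salt and a
# constant-time comparison. The iteration count is an assumption for the
# example; tune it to the target device's CPU budget.
PBKDF2_ITERATIONS = 600_000

def strong_store(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    # Self-describing record: algorithm, parameters and salt travel with the hash.
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"

def strong_verify(password: str, stored: str) -> bool:
    try:
        alg, iters, salt_hex, dk_hex = stored.split("$")
        if alg != "pbkdf2_sha256":
            return False
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)
        iterations = int(iters)
    except ValueError:
        return False  # malformed record, never a match
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(dk, expected)

# ---- Finding: poor logging practice --------------------------------------
# Vulnerable: every field of the event, credentials included, goes to the log.
def weak_log_line(event: str, fields: dict) -> str:
    return event + " " + " ".join(f"{k}={v}" for k, v in fields.items())

# Hardened: redact known secret-bearing keys before formatting, then scrub
# any key=value secret that was smuggled inside another field's value
# (the key list is an assumption for the example).
SENSITIVE_KEYS = {"password", "passwd", "token", "authorization", "ssn", "session"}
_KV_SECRET = re.compile(r"(?i)\b(password|passwd|token|authorization|ssn|session)=\S+")

def safe_log_line(event: str, fields: dict) -> str:
    redacted = {k: ("[REDACTED]" if k.lower() in SENSITIVE_KEYS else v)
                for k, v in fields.items()}
    line = weak_log_line(event, redacted)
    return _KV_SECRET.sub(lambda m: f"{m.group(1)}=[REDACTED]", line)

if __name__ == "__main__":
    # Constructed sample input for the demonstration.
    record = strong_store("hunter2")
    print("weak  :", weak_store("hunter2"))
    print("strong:", record)
    print("verify:", strong_verify("hunter2", record), strong_verify("hunter3", record))
    print(safe_log_line("login", {"user": "alice", "password": "hunter2",
                                   "note": "client sent token=abc123"}))
```

Two things the weak versions share are worth noticing: both are deterministic (the same password always produces the same MD5, and the same request always produces the same log line with the secret in it), and both fail silently, which is why static analyzers flag them as categories rather than as one-off bugs.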

The Importance of Secure Mobile Apps

Mobile computing is going to be increasingly important in the years ahead. It’s already the preferred medium for many employees, and in the next five years, we can expect even more work to involve mobile apps.

To take advantage of this mobile revolution and further increase productivity, many enterprises are now developing their own mobile apps in-house. This is laudable but difficult work. Mobile operating systems like Android are still relatively young. Legacy data systems are old, diverse, and scattered across the enterprise.

Marrying the latest in secure mobile file sharing and simple integration with diverse legacy systems, such as Enterprise Content Management (ECM) systems including Microsoft SharePoint and EMC Documentum, is no easy task. But it’s a task that, if done well, promises to yield tremendous benefits in terms of productivity, efficiency, and operational agility.

As this report indicates, however, these benefits can be quickly undermined by data breaches resulting from poor mobile app security. Enterprise development teams should therefore heed the warnings of this report and strive for mobile app security when developing functional mobile apps. By designing applications that enhance productivity without compromising mobile app security, developers will avoid these common pitfalls.
