Always the afterthought: Security
Meanwhile, all that data must be encrypted, both at rest and in transport. Indeed, the very collection of data should be carefully considered, given that keeping precise location information, for example, can put an app developer at legal risk. Just ask any software vendor that stores location data if it’s ever been subpoenaed in a divorce case.
And the problems will only get worse as “data exhaust” from mobile users is hoovered up by government agencies, beneficial programs and attackers alike. That’s why professional security is a mandate.
“First things first: You are probably not a cryptographer. I’m not a cryptographer. It’s easy to think that you understand the subtleties of an encryption algorithm or to copy and paste crypto code from somewhere online, but you will generally mess up if you try to do crypto yourself,” writes David Thiel in his new book, “iOS Application Security: The Definitive Guide for Hackers and Developers.” “That said, you should be aware of the Common Crypto framework, if only so you can tell when other developers are trying to play cryptographer,” he continues, recommending that the only method you should play with is CCCrypt.
The framework is dangerous because it supports known-bad encryption methods such as the Data Encryption Standard (DES), and because it lets the developer switch from the default cipher block chaining (CBC) to Electronic Code Book (ECB) mode. Thiel, who works as a penetration tester, says he still sees this problem frequently.
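A code-review check for the two problems named above, written as an added example rather than code from Thiel's book or from Apple: it finds `CCCrypt` calls in Objective-C source and flags a weak algorithm constant or the `kCCOptionECBMode` flag. The function names and the sample calls are constructed for illustration, and listing RC2 and RC4 next to DES is an assumption that goes beyond the one cipher the article names.

```python
import re

# DES is the cipher the article names; RC2 and RC4 are other legacy
# CommonCrypto algorithm constants added here as an assumption.
WEAK_ALGS = {"kCCAlgorithmDES", "kCCAlgorithmRC2", "kCCAlgorithmRC4"}
ECB_FLAG = "kCCOptionECBMode"

def split_args(text, start):
    """Split the argument list opening at text[start] == '(' on top-level commas."""
    args, depth, cur = [], 0, []
    for ch in text[start:]:
        if ch == "(":
            depth += 1
            if depth == 1:
                continue            # skip the call's own opening parenthesis
        elif ch == ")":
            depth -= 1
            if depth == 0:          # end of the call: emit the last argument
                args.append("".join(cur).strip())
                return args
        elif ch == "," and depth == 1:
            args.append("".join(cur).strip())
            cur = []
            continue
        cur.append(ch)
    return []                       # unbalanced call, e.g. truncated source

def audit_cccrypt(source):
    """Return (line_number, finding) for each risky CCCrypt call in source."""
    findings = []
    for m in re.finditer(r"\bCCCrypt\s*\(", source):
        args = split_args(source, m.end() - 1)
        if len(args) < 3: continue  # need op, alg and options
        line = source.count("\n", 0, m.start()) + 1
        if args[1] in WEAK_ALGS:
            findings.append((line, f"weak algorithm {args[1]}"))
        if ECB_FLAG in re.findall(r"\w+", args[2]):
            findings.append((line, "ECB mode selected instead of default CBC"))
    return findings

SAMPLE = """\
// constructed sample calls, not taken from any real app
CCCrypt(kCCEncrypt, kCCAlgorithmDES, kCCOptionPKCS7Padding,
        key, kCCKeySizeDES, iv, in, inLen, out, outLen, &moved);
CCCrypt(kCCEncrypt, kCCAlgorithmAES128, kCCOptionPKCS7Padding | kCCOptionECBMode,
        key, kCCKeySizeAES256, NULL, in, inLen, out, outLen, &moved);
CCCrypt(kCCEncrypt, kCCAlgorithmAES128, kCCOptionPKCS7Padding,
        key, kCCKeySizeAES256, iv, in, inLen, out, outLen, &moved);
"""
```

The check is textual, so it only sees constants passed directly at the call site; an algorithm or options value routed through a variable or macro needs manual review.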
Three quarters of all mobile security breaches are due to misconfigured apps, Gartner says. In the wake of the FBI’s case against Apple in the matter of cracking Apple’s own file system encryption for counterterrorism purposes, the need for application-level security has never been stronger.
“I think people are watching that case. It will definitely change the way they build apps,” said Couchbase’s Carter. “They’re not going to lean on the device manufacturer to build the security in. In the banking and medical fields that’s already the case: They need data-level encryption.”
What else is new?
With WiFi direct, iBeacons or NFC complicating the wireless communication field, the attack surfaces are only going to expand. But security will always be less exciting than the new ways our devices can anticipate our needs, as well as the proliferating SDKs to help developers achieve them. “Integration of various technologies like camera vision, voice recognition and machine learning will help to improve user experience by allowing the user to perform complex tasks without having to reach out to the device,” said Dhaval Sheth, senior software engineer at Events.com.
As mobile apps become ever more predictive, progressive and responsive, we eagerly wonder: Will we be best friends forever?
Small tweaks make all the difference for mobile success
When it comes to mobile apps, getting the user to not only open the app but use it to its fullest is critical to avoiding abandonment. So how do you increase a push notification opt-in rate from a measly 22% to an industry-leading 62%?