A mobile App is an application developed for a specific use on small computing devices, such as mobile phones and tablets, that are able to support and run it. Any government desires an appropriate mechanism for reaching its citizens, so as to ensure that they are kept informed of the government's plans and intentions for improving their general wellbeing (Lee et al, 2012). It is for this reason that the federal and state governments encourage the development of the best mobile Apps, in order to improve gadget usability and adaptability to the specific needs of citizens and officials. This ensures the easy and secure flow of information. To make that happen, the government has set up contests in which mobile App developers compete to produce the best mobile App (Kornecki & Zalewski, 2015). Through such competitions, the government has acquired some of the best Apps, such as MyTSA, WISER (Wireless Information for Emergency Responders), Dolphin & Whale 911, PTSD Coach, Solve the Outbreak, NASA App, HIV service locator, mPing and Ask Karen. All of these Apps have proven to be of great help in enabling the public to access social services, and some of the answers they seek from state organs, in a more convenient and easier way (Lee et al, 2013). In this discussion, we shall focus on how and what mobile App developers have done, or need to do, to improve mobile App security.
In the face of the great desire for more Apps that will improve government outreach to its citizenry, there is an absolute need to take App security into consideration. Special attention needs to be paid to how well an App promotes and enhances user privacy while at the same time satisfying the government's rules and regulations on App development (Tehan, 2013). Security for the information that is to be shared should be prioritized, so as to avoid improper editing of that information, which may mislead the public. To ensure that App developers promote mobile security, the Federal Trade Commission has come up with recommendations that must be considered during App development. Through these, App developers are compelled to produce more secure Apps, thereby enhancing mobile App security (Kornecki & Zalewski, 2015). The first requirement for promoting mobile data security is that, before beginning work on a project, the App developer should understand what type of information the App will be handling. For instance, if the mobile App is a health check App, the information that users feed into it is confidential. It should be kept out of the public domain unless the individual user gives express permission. That means the App developer must ensure that the information cannot leak, by employing secure mechanisms. The App should therefore ensure that every user's experience is secure. This must be taken into consideration by any serious developer who is keen on gaining accreditation from the Federal Trade Commission (Lee et al, 2012).
Secondly, the Federal Trade Commission requires developers to survey the ecosystem well before embarking on the whole process. Through that, developers are better able to understand the opportunities available to them together with whatever risks are involved. Once they are familiar with these, they can design and build an App that fits into that particular ecosystem (Awang & Manaf, 2015). For instance, if an App is accepted by millions of users, the App developer must ensure the privacy of all of those users and duly meet the greater security requirement. App security must be enhanced so that the loss of confidential information is reduced, given that most mobile users have access to and use insecure WiFi, which may make them vulnerable if the App developer does not consider such cases (Lee et al, 2013). An App must be designed to protect its users' privacy and, in return, maintain the good reputation of its developers.
Federal Trade Commission regulations also require that at least one person is responsible for ensuring that security is taken into consideration at every stage of the App development process. That avoids the risk of skipping a step that may be crucial to mobile App security. Secondly, the App developer must take stock of the information they collect and ensure it is safe (Kornecki & Zalewski, 2015). For instance, if the App is meant for editing pictures, then the developer does not need access to the user's contact information. App developers must therefore minimize the information they require, as doing so makes the App more secure. Thirdly, if the App developer creates the usernames and passwords for the users, then these have to be made secure to avoid the loss of information. Also, the use of encryption in transit is useful in promoting mobile App security. In addition, protecting one's own server is very important. A deep understanding of server security enables the App developer to overcome threats by coming up with appropriate mechanisms, such as threat modeling, that allow them to identify threats and vulnerabilities quickly, before any actual attack (Kornecki & Zalewski, 2015). They may also employ attack trees, which further enhance the safety of the system. In this technique, attacks are represented as tree structures, with the attacker's goal as the root node and the individual ways of accomplishing that goal as the leaf nodes. For instance, Microsoft has employed this mechanism, and fig 1 below shows their tree.
Fig 1.Attack tree example (Microsoft)
In the case of Microsoft, the root node represents the authentication credentials, and the different ways that attackers are likely to employ in trying to access those credentials are the leaf nodes. Through this mechanism, Microsoft is able to identify and stop attackers from accessing the confidential information of its users (Jain & Shanbhag, 2012).
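The attack-tree idea described above can be made concrete with a few lines of code. The following is an added example written for this discussion; it is not Microsoft's tree from fig 1 and not code from any of the cited authors. The tree shape, node names, and the set of developer controls are constructed for illustration. Each node is either a leaf (one step an attacker would need), an OR node (any child suffices) or an AND node (all children are needed). The code enumerates every minimal set of leaves that reaches the root goal, and then shows which of those paths survive once the controls discussed in this paper (encryption in transit, no plaintext password storage) are applied.

```python
from dataclasses import dataclass, field
from itertools import product

# Constructed AND/OR attack tree. Names and structure are illustrative only.


@dataclass
class Node:
    name: str
    op: str = "LEAF"          # "LEAF", "OR" (any child suffices) or "AND" (all children needed)
    children: list = field(default_factory=list)


def cut_sets(node):
    """Return the minimal sets of leaf steps whose combination accomplishes `node`.

    Each returned frozenset is one complete attack path: carrying out every leaf
    in it reaches the node's goal.
    """
    if node.op == "LEAF":
        return [frozenset([node.name])]
    child_sets = [cut_sets(c) for c in node.children]
    if node.op == "OR":
        candidates = {s for sets in child_sets for s in sets}
    elif node.op == "AND":
        candidates = {frozenset().union(*combo) for combo in product(*child_sets)}
    else:
        raise ValueError(f"unknown node type {node.op!r}")
    # keep only minimal sets: drop any set that strictly contains another
    minimal = [s for s in candidates if not any(o < s for o in candidates)]
    return sorted(minimal, key=sorted)


def surviving_paths(node, mitigated):
    """Attack paths that remain once every leaf in `mitigated` has been blocked by a control."""
    return [s for s in cut_sets(node) if s.isdisjoint(mitigated)]


def goal_reachable(node, mitigated):
    """True if at least one attack path survives the given controls."""
    return bool(surviving_paths(node, mitigated))


# Constructed example: the attacker's goal is a user's authentication credentials.
TREE = Node("obtain user's authentication credentials", "OR", [
    Node("capture credentials on the network", "AND", [
        Node("App sends credentials without transport encryption"),
        Node("attacker shares the user's insecure WiFi"),
    ]),
    Node("read credentials from the device", "AND", [
        Node("attacker gains access to the device"),
        Node("App stores the password in plaintext"),
    ]),
    Node("trick the user into revealing credentials", "AND", [
        Node("attacker delivers a convincing lure"),
        Node("user enters credentials into the fake form"),
    ]),
])

# Developer-side controls from the text, expressed as the leaves they block.
DEVELOPER_CONTROLS = {
    "App sends credentials without transport encryption",   # encryption in transit
    "App stores the password in plaintext",                 # no plaintext password storage
}

if __name__ == "__main__":
    for path in cut_sets(TREE):
        print("attack path:", sorted(path))
    print("reachable with no controls:", goal_reachable(TREE, set()))
    print("reachable with developer controls:", goal_reachable(TREE, DEVELOPER_CONTROLS))
    for path in surviving_paths(TREE, DEVELOPER_CONTROLS):
        print("still open:", sorted(path))
```

Running it shows three two-step paths, of which only the phishing path survives the two developer controls; that remaining path is exactly the one the paper later assigns to user awareness rather than to the developer, which is the kind of gap an attack tree is meant to expose.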
Additionally, App developers should ensure that passwords are not stored in plaintext. That ensures minimal or no data leakage or loss (Jain & Shanbhag, 2012). They should employ the available mobile infrastructure to prevent the loss of information by inhibiting the unsanctioned transmission of confidential information from one mobile device to another. Organizations may also restrict foreign or outside bodies from accessing their information, thus ensuring that no confidential information falls into the hands of unauthorized parties (Lee et al, 2012). For instance, the enterprise itself may be damaged if the App is insecure or mismanaged.
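The recommendation that passwords are never stored in plaintext is usually met by storing a salted, deliberately slow hash instead. The following is an added example, written for this paper and not taken from any of the cited works: the record format, the function names and the work factor are choices made here. It uses PBKDF2-HMAC-SHA256 from Python's standard library; a fresh random salt per user means two users with the same password get different records, the iteration count slows down offline guessing if the store leaks, and verification rejects malformed records instead of crashing.

```python
import hashlib
import hmac
import os

# Constructed example of salted, iterated password storage. The record layout
# "algorithm$iterations$salt_hex$hash_hex" is a choice made for this example.

ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 600_000   # work factor: raises the cost of offline guessing if the store leaks
SALT_BYTES = 16
KEY_BYTES = 32


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return a storable record; never the password itself."""
    salt = os.urandom(SALT_BYTES)   # unique per record, so equal passwords give different hashes
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, KEY_BYTES)
    return f"{ALGORITHM}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash from the stored salt and iterations and compare in constant time.

    Malformed or foreign records return False rather than raising, so a
    corrupted store cannot turn into an exception path or a bypass.
    """
    try:
        algorithm, iterations, salt_hex, hash_hex = record.split("$")
        if algorithm != ALGORITHM:
            return False
        iterations = int(iterations)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
        if iterations < 1 or not salt or not expected:
            return False
    except (ValueError, AttributeError):
        return False
    actual = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, len(expected))
    return hmac.compare_digest(actual, expected)   # constant-time: no timing leak on mismatch position


def needs_rehash(record: str, min_iterations: int = ITERATIONS) -> bool:
    """True if the record uses a weaker work factor (or algorithm) than currently required.

    Call this after a successful login so old records are upgraded transparently.
    """
    try:
        algorithm, iterations, _, _ = record.split("$")
        return algorithm != ALGORITHM or int(iterations) < min_iterations
    except ValueError:
        return True


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print("login ok:", verify_password("correct horse battery staple", record))
    print("wrong password:", verify_password("Tr0ub4dor&3", record))
    print("needs rehash:", needs_rehash(record))
```

The iteration count is stored inside the record so that it can be raised over time: `needs_rehash` flags old records after a successful login, and the App re-hashes the just-verified password with the current work factor.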
The threats in fig 2 below picture the adverse effects for all users in the event that unauthorized users are able to access the enterprise's confidential information.
Fig.2 Mobile security reference architecture (cio.gov)
Also, in ensuring mobile App security, the Mobile Security Reference Architecture (MSRA) provides architecture patterns that App development agencies could employ to ensure that the confidentiality and integrity of the information accessed by mobile users are maintained (Tehan, 2013). Figure 3 below shows the reference architecture pattern that will enhance the security of the data.
Fig.3 Mobile Security Reference Architecture (cio.gov)
Industry has also come up with self-regulating recommendations that will ensure the maintenance of mobile security. OWASP, for instance, has come up with an approved checklist that App developers may use to check and ensure that their Apps are secure. App developers are therefore able to build more secure Apps, since they can identify the threats and the opportunities, which are also included in the checklist (Jain & Shanbhag, 2012). They have identified some of the risks, such as “weak server side controls, insecure data storage and intended data leakage” and many more, as shown in figure 4 below (Jain & Shanbhag, 2012). Once App developers are aware of these risks, they can take the necessary precautions during App development to avoid becoming victims of such risks, which therefore promotes mobile App security.
Fig.4 Risks (OWASP, 2013)
Some industries have also recommended ways of securing the services their Apps connect to. For example, fig 5 below indicates that this is not magic; it must begin with us.
Fig.5 (Aurich Lawson, 2013)
App developers are advised to avoid rushing into the market before they have ensured that their Apps are secure. They are further advised to make use of tools such as PhoneGap, which allow them to create secure Apps. In ensuring the security of Apps, it is imperative that the mobile App conducts as little processing as possible, since, for instance, on our mobile phones there are Apps over which we do not exercise total control (Awang & Manaf, 2015). That will help maintain mobile App security. The privacy of the information is another concern. App developers are advised always to protect the information of App users. They can make use of a well-defined API to connect the App with the servers that oversee its operations and ensure that the information is protected (Lee et al, 2013). Continued management of the App enables the App developer to control what information users can access, and also to provide an efficient user authentication mechanism to monitor sessions (Tehan, 2013). The best way recommended so far is the OAuth 2.0 open authorization framework. In this method, the requests made by App users are monitored together with their sessions (Kornecki & Zalewski, 2015). Applying this mechanism makes it easy to manage sessions and ensure that no transactions are recorded illegally.
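The paragraph above says that the server behind the App's API should authenticate each request and keep sessions under control. The following is an added example, written for this paper and not code from OAuth 2.0 itself or from any cited author: it is a simplified stand-in for the check a resource server performs when a client presents a bearer access token on every API call. The token layout (a signed JSON payload), the function names and the demo key are choices made here. The point it demonstrates is the order of checks: the signature is verified before any claim in the token is trusted, and then expiry and scope are enforced, so an altered, expired or over-privileged token is rejected before it can do anything.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed example of server-side access-token validation. It is not the
# OAuth 2.0 authorization flow; it shows the per-request check on the API side.


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    padding = "=" * (-len(text) % 4)
    return base64.urlsafe_b64decode(text + padding)


def issue_token(key: bytes, subject: str, scopes: list, issued_at: int, ttl_seconds: int) -> str:
    """Mint a token of the form payload.signature; the signature is HMAC-SHA256 over the payload."""
    payload = json.dumps(
        {"sub": subject, "scope": scopes, "iat": issued_at, "exp": issued_at + ttl_seconds},
        separators=(",", ":"), sort_keys=True,
    ).encode("utf-8")
    signature = hmac.new(key, payload, hashlib.sha256).digest()
    return f"{b64url_encode(payload)}.{b64url_encode(signature)}"


def check_token(key: bytes, token: str, now: int, required_scope: str):
    """Validate a presented token and return (accepted, reason, claims).

    Signature first, then expiry, then scope: nothing inside the payload is
    trusted until the signature proves the server issued it unmodified.
    """
    try:
        payload_b64, signature_b64 = token.split(".")
        payload = b64url_decode(payload_b64)
        presented = b64url_decode(signature_b64)
    except (ValueError, TypeError):   # wrong shape or invalid base64
        return False, "malformed token", None
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(presented, expected):   # constant-time comparison
        return False, "bad signature", None
    claims = json.loads(payload)
    if now >= claims["exp"]:
        return False, "token expired", None
    if required_scope not in claims.get("scope", []):
        return False, "insufficient scope", None
    return True, "ok", claims


if __name__ == "__main__":
    key = b"demo-key-do-not-use-in-production"
    now = int(time.time())
    token = issue_token(key, "user-42", ["profile:read"], now, ttl_seconds=900)
    print(check_token(key, token, now + 60, "profile:read"))     # accepted
    print(check_token(key, token, now + 901, "profile:read"))    # token expired
    print(check_token(key, token, now + 60, "profile:write"))    # insufficient scope
```

A short lifetime (here fifteen minutes) is what makes a leaked token a bounded problem rather than a permanent session, which is the session-management benefit the paragraph attributes to this approach.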
The best ways for mobile App users and developers to ensure security include the following. First, implement the security measures: App developers are supposed to make sure that their Apps have robust security settings and that those settings are updated as time goes by. Secondly, users of the Apps should not limit their tools to anti-malware, as that may help them identify Apps with little security protection. Thirdly, users must make sure they download their Apps from trusted and recognized enterprise App stores (Jain & Shanbhag, 2012). Through that, they reduce the probability of using Apps that may pose security problems for their confidential information. Additionally, users and App developers should ensure that the App does not save passwords, as that may result in the loss of confidential information. Lastly, users of the Apps should always encrypt data in transit. That is necessary so that no one is able to open the data in case it leaks out accidentally (Lee, Hwang, Kim, Ahn, Park, Koo & Kang, 2012).
Summing up, as discussed above, it is important for App developers to take security issues into consideration during App development. Even though App developers ensure the security of the data, users must also apply the measures presented above in order to protect their data.
References
Tehan, R. (2013, October). Cybersecurity: Authoritative Reports and Resources. Library of Congress, Washington DC: Congressional Research Service. Retrieved from https://www.fas.org/sgp/crs/misc/R42507.pdf
Kornecki, A. J., & Zalewski, J. (2015). Aviation Software: Safety and Security. Wiley Encyclopedia of Electrical and Electronics Engineering. Published online: DOI: 10.1002/047134608X.W8241
Lee, J. G., Hwang, S. J., Kim, S. W., Ahn, S., Park, K., Koo, J. H., & Kang, W. S. (2012). Software architecture for a multi-protocol RFID reader on mobile devices. Handbook on Mobile and Ubiquitous Computing: Status and Perspective, 77.
Awang, N. F., & Manaf, A. A. (2015, September). Automated Security Testing Framework for Detecting SQL Injection Vulnerability in Web Application. In International Conference on Global Security, Safety, and Sustainability (pp. 160-171). Springer International Publishing.
Jain, A. K., & Shanbhag, D. (2012). Addressing Security and Privacy Risks in Mobile Applications. IT Professional, 14(5), 28-33.