2 Apr 2022

Mobile App Security Assessment & Strategy

Format: APA

Academic level: College

Paper type: Research Paper


A mobile App is an application developed for a specific use on small computing devices, such as mobile phones and tablets, that are able to support and run it. Any government desires an appropriate mechanism for reaching its citizens so that they are kept updated on the government’s desires and on its intentions for improving their general wellbeing (Lee et al., 2012). It is for this reason that the federal and state governments encourage the development of the best mobile Apps in order to smooth gadget usability and adaptability to the specific needs of citizens and officials. This ensures the easy and secure flow of information. To that end, the government has come up with contests in which mobile App developers compete to identify the best mobile App (Kornecki & Zalewski, 2015). Through such competitions, the government has been able to acquire some of the best Apps, like MyTSA, WISER (Wireless Information for Emergency Responders), Dolphin & Whale 911, PTSD Coach, Solve the Outbreak, NASA App, HIV service locator, mPing and Ask Karen. All these Apps have proven to be of great help in enabling the public to access social services and some of the answers they seek from state organs in a more convenient, easier way (Lee et al., 2013). In this discussion, we focus on what mobile App developers have done, or need to do, to improve mobile App security.

In the face of the great desire to have more Apps that help improve government outreach to its citizenry, there is an absolute need to take App security into consideration. Special attention needs to be paid to how well an App promotes and enhances user privacy while at the same time satisfying the rules and regulations of the government regarding App development (Tehan, 2013). Security for the information that is to be shared should be prioritized so as to avoid cases of improper editing of that information, as this may mislead the public. To promote mobile security among App developers, the Federal Trade Commission has come up with recommendations that must be considered during App development. Through these, App developers are compelled to come up with more secure Apps and so enhance mobile App security (Kornecki & Zalewski, 2015). The first of the requirements aiming to promote mobile data security is that, before beginning work on a project, the App developer should understand what type of information the App will be handling. For instance, if the mobile App is to be a health check App, the information that users feed into it is confidential. It should be kept out of the public domain unless the individual user gives express permission. That, therefore, means that the App developer must employ secure mechanisms to ensure that the information will not leak. The App should ensure that the experience of all users is secure. This must be taken into consideration by any serious developer who is keen on gaining accreditation from the Federal Trade Commission (Lee et al., 2012).

Secondly, the Federal Trade Commission requires developers to survey the ecosystem well before embarking on the whole process. Through that, developers are able to better understand the opportunities available to them together with whatever risks are involved. Once they are familiar with these, they are able to make an App that fits into that particular ecosystem (Awang & Manaf, 2015). For instance, if an App is accepted by millions of users, the App developer must ensure the privacy of all those users and duly meet the greater security requirement. App security must be enhanced so as to decrease the loss of confidential information, given that most mobile users have access to and use insecure WiFi, which may make them vulnerable if the App developer does not consider such cases (Lee et al., 2013). An App must be designed to protect its users’ privacy and, in return, maintain the good reputation of its developers.

Federal Trade Commission regulations also require that at least one person be responsible for ensuring that security is taken into consideration at every stage of App development. That reduces the probability of skipping a step that may be crucial to mobile App security. Secondly, the App developer must take stock of the information they collect and ensure it is safe (Kornecki & Zalewski, 2015). For instance, if the App is meant for editing pictures, then the developer does not need access to the user’s contact information. App developers, therefore, must minimize the information they require, as doing so makes the App more secure. Thirdly, if the App developer creates usernames and passwords for the users, then these have to be made secure to avoid the loss of information. Also, the use of transit encryption is useful in promoting mobile App security. In addition, protecting one’s own server is very important. A deep understanding of server security enables App developers to overcome threats by adopting mechanisms such as threat modeling, which lets them identify threats and vulnerabilities quickly, prior to any actual attacks (Kornecki & Zalewski, 2015). They may also employ attack trees, which further enhance the safety of the system. In an attack tree, the attacks are represented as tree structures with the goal as the root node and the ways of accomplishing that goal as the leaf nodes. For instance, Microsoft has employed this mechanism, and Fig. 1 below shows their tree.

Fig. 1. Attack tree example (Microsoft)

In the case of Microsoft, the root node represents the authentication credentials, and the leaf nodes represent the different ways attackers are likely to employ in trying to access those credentials. Through the use of this mechanism, Microsoft is able to identify and stop attackers from accessing the confidential information of its users (Jain & Shanbhag, 2012).
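An attack tree like the one described above can be evaluated mechanically during threat modeling. The following is an added example, not code from this essay or from Microsoft: the leaf labels are constructed from risks the essay itself names, and the AND/OR gates and all function names are assumptions of the example.

```python
from dataclasses import dataclass, field

# Constructed leaf labels, taken from risks named in the essay.
PLAINTEXT = "passwords stored in plaintext on the server"
WIFI = "user is on insecure WiFi"
NO_TLS = "app sends credentials without transit encryption"
WEAK_SERVER = "weak server-side controls expose the account store"

@dataclass
class Node:
    label: str
    gate: str = "LEAF"            # "OR", "AND" or "LEAF"
    children: list = field(default_factory=list)
    mitigated: bool = False       # only meaningful on leaves

def achievable(node):
    """True if the goal at this node can still be reached."""
    if node.gate == "LEAF":
        return not node.mitigated
    results = [achievable(c) for c in node.children]
    return all(results) if node.gate == "AND" else any(results)

def open_paths(node):
    """Each set of unmitigated leaves that is sufficient to reach the goal."""
    if node.gate == "LEAF":
        return [] if node.mitigated else [[node.label]]
    child_paths = [open_paths(c) for c in node.children]
    if node.gate == "OR":
        return [p for paths in child_paths for p in paths]
    combined = [[]]               # AND: one open path from every child
    for paths in child_paths:
        combined = [a + b for a in combined for b in paths]
    return combined

def build_tree(mitigated=()):
    """Root = the goal; leaves = ways of reaching it (assumed structure)."""
    def leaf(label):
        return Node(label, mitigated=label in mitigated)
    return Node("obtain user authentication credentials", "OR", [
        leaf(PLAINTEXT),
        Node("capture credentials in transit", "AND", [leaf(WIFI), leaf(NO_TLS)]),
        leaf(WEAK_SERVER),
    ])

if __name__ == "__main__":
    tree = build_tree(mitigated={NO_TLS})
    print("goal still reachable:", achievable(tree))
    for path in open_paths(tree):
        print("open path:", " + ".join(path))
```

Because the in-transit branch is an AND gate, encrypting traffic closes it even though the developer cannot control which WiFi network the user joins.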

Additionally, App developers should ensure that passwords are not stored in plaintext. That ensures that there is minimal or no data leakage or loss (Jain & Shanbhag, 2012). They must be able to use the available mobile infrastructure to prevent the loss of information by inhibiting the unsanctioned transmission of confidential information from one mobile device to another. Organizations may also restrict foreign or outside bodies from accessing their information, thus ensuring that no confidential information falls into the hands of unauthorized parties (Lee et al., 2012). For instance, the mitigation of the enterprise may be damaged if the App is insecure or mismanaged.

The threats shown in Fig. 2 below picture the adverse effects for all users in the event that unauthorized users are able to access the enterprise's confidential information.

Fig. 2. Mobile security reference architecture (cio.gov)

Also in ensuring mobile App security, the Mobile Security Conceptual Architecture (MSRA) provides architecture patterns that App development agencies can employ to ensure that the confidentiality and integrity of the information accessed by mobile users are maintained (Tehan, 2013). Fig. 3 below shows the reference architecture pattern that will enhance the security of the data.

Fig. 3. Mobile Security Reference Architecture (cio.gov)

Industry has also come up with self-regulating recommendations that help maintain mobile security. OWASP, for instance, has come up with an approved checklist which App developers may use to check that their Apps are secure. App developers are, therefore, able to come up with more secure Apps, since they can identify the threats and the opportunities that are included in the checklist (Jain & Shanbhag, 2012). OWASP has identified risks such as “weak server side controls, insecure data storage and intended data leakage” and many more, as shown in Fig. 4 below (Jain & Shanbhag, 2012). Once App developers are aware of these risks, they are able to take the necessary precautions during App development to avoid falling victim to them, and that promotes mobile App security.

Fig. 4. Risks (OWASP, 2013)

Some industries have recommended that the best way of securing the services they are connected to. For example, the diagram below fig 5 indicated the is not magic it must begin with us.

Fig. 5. (Aurich Lawson, 2013)

App developers are advised to avoid rushing into the market before they have ensured that their Apps are secure. They are further advised to make use of tools such as PhoneGap, which allows them to create secure Apps. In ensuring the security of Apps, it is imperative that the mobile App conducts little processing; for instance, on our mobile phones there are Apps over which we do not exercise total control (Awang & Manaf, 2015). That will ensure the maintenance of mobile App security. The privacy of the information is another concern. App developers are advised always to protect the information of App users. They can make use of a well-defined API to connect the App with the servers that oversee its operations and so ensure that the information is protected (Lee et al., 2013). Continued management of the App enables the App developer to control what information users can access and to provide an efficient user authentication mechanism for monitoring sessions (Tehan, 2013). The best approach recommended so far is the use of the OAuth 2.0 open authorization framework. In this method, the requests made by the users of the App are monitored together with their sessions (Kornecki & Zalewski, 2015). The application of this mechanism makes it easy to manage sessions and ensure that no transactions are recorded illegally.

The best ways for mobile App users and developers to ensure security include the following. First, the security measures must actually be implemented: App developers are supposed to make sure that their Apps have robust security settings and that those settings are updated as time goes by. Secondly, the users of the Apps should not limit the tools to anti-malware, as that may help them identify Apps with little security protections. Thirdly, users must make sure they download their Apps from trusted and recognized enterprise App stores (Jain & Shanbhag, 2012). Through that, they will reduce the probability of using Apps that may pose security problems to their confidential information. Additionally, users and App developers should ensure that the App does not save passwords, as that may result in the loss of confidential information. Lastly, the users of the Apps should always encrypt the data in transit. That is necessary so that no one is able to open the data in case it leaks out accidentally (Lee, Hwang, Kim, Ahn, Park, Koo & Kang, 2012).

Summing up, as discussed above, it is important for App developers to take security issues into consideration during App development. Even though App developers ensure the security of the data, users must also apply the measures presented above to promote the protection of their data.

References

Tehan, R. (2013, October). Cybersecurity: Authoritative Reports and Resources. Library of Congress Washington DC Congressional Research Service. Retrieved from https://www.fas.org/sgp/crs/misc/R42507.pdf

Kornecki, A. J., & Zalewski, J. (2015). Aviation Software: Safety and Security. Wiley Encyclopedia of Electrical and Electronics Engineering. Published Online: DOI: 10.1002/047134608X.W8241

Lee, J. G., Hwang, S. J., Kim, S. W., Ahn, S., Park, K., Koo, J. H., & Kang, W. S. (2012). Software architecture for a multi-protocol RFID reader on mobile devices. Handbook on Mobile and Ubiquitous Computing: Status and Perspective, 77.

Awang, N. F., & Manaf, A. A. (2015, September). Automated Security Testing Framework for Detecting SQL Injection Vulnerability in Web Application. In International Conference on Global Security, Safety, and Sustainability (pp. 160-171). Springer International Publishing.

Jain, A. K., & Shanbhag, D. (2012). Addressing Security and Privacy Risks in Mobile Applications. IT Professional, 14(5), 28-33.

StudyBounty. (2023, September 14). Mobile App Security Assessment & Strategy.
https://studybounty.com/mobile-app-security-assessment-strategy-research-paper
