Native mobile application development and security risk management
Developing native mobile applications, as opposed to HTML5-based apps, adds complexity to mobile application security management. Peter Yared from Webtrends Apps recently posted an insightful blog entry in which he points out that developing native applications for each mobile platform (i.e. iPhone, Android, Windows Mobile, Blackberry, SymbianOS, WebOS) is not practical because the development and maintenance cost grows for each mobile platform app deployed.
Published on: Mar 3, 2016
Not only is Peter’s view very practical from a cost and maintenance perspective, it also has significant information security implications. A key attribute of risk analysis for web applications is sometimes referred to as attack surface area, which essentially means that the more features, functionality, permissions and code accessible to users, the more vectors of attack – which increases the probability of a security compromise. This very same principle applies to mobile apps. Having similar or identical features recoded for multiple platforms increases the attack surface area. Furthermore, multiple applications would require an application penetration test and a security code review to ensure they are secure before deployment, or after changes or updates to the code base.

Areas where we are seeing (and security testing) lots of mobile application deployments, such as in healthcare, banking and consumer-driven enterprises, also generally have significant compliance and confidential data protection requirements – think HIPAA & PCI. Thus, developing custom apps for each platform natively adds complexity to security management. Of course there are a variety of business cases, for example if an app needs access to the camera, that will dictate native development, but the security risk management implications of native development should always be considered when creating a mobile development strategy.

For more content on this topic, check out our post “Getting Started With A Mobile Device Security Policy”.

Written by Redspin CEO, John Abraham

Web: WWW.REDSPIN.COM | Phone: 800-721-9177 | Email: INFO@REDSPIN.COM