How to tackle mobile app security

Posted on March 13, 2012 05:15 am

Building native iOS and Android apps in response to business demand comes with many risks, and as a developer I always urge a defense-in-depth strategy to secure customers’ data in self-service mobile applications. The apps should allow customers to submit claims, search for nearby providers and even look up extra details. Balancing the security concerns of different technologies against the business’s demand for user-friendly features is another important consideration.

Because it involves personal information, the app and its data need to be secure, but many customers are unlikely to want to remember yet another password just to use the app. Customer experience calls for a streamlined interaction model within the mobile application environment. In fact, the ideal experience is one that requires the minimum number of touches, or actions, by the user. From my development career, I know such desires sometimes conflict with the need to maintain security and customer privacy. Many IT professionals disagree over their business’s desire to store passwords on the device and to simplify the password to a shortened PIN, but ultimately the developers’ part will be the most important.

In the recent past, I have argued successfully that integrating the mobile apps with IBM’s WebSEAL access management product, leaning heavily on the vendor and its out-of-the-box APIs, ensures the implementation of the apps is secure. Apps should be designed so that they are easily synchronized in real time with back-end systems for clients who have private cloud technologies in place. Customers should be advised in the applications’ terms and conditions that, although data will be secure, the users are responsible for their devices and any information stored outside of the apps, such as contact details. The apps should also feature in-built certificates to allow systems to tell them apart from malicious counterfeits.

It is easy to look at a mobile app and assume you just need to enable some APIs within a certain network to transmit data in and out, but one really needs to think about security in depth. Developers should put in many architectural layers to ensure that they are protected from attacks, enabling load balancing, building a special app to do API integration into the backend systems, and enabling our WebSEAL environment. For my part, I like developing hybrid mobile applications by blending native and web elements so that they facilitate updates and more efficient access to backend data. Any developer’s work should be informed by user behavior tracking data.

Contador Harrison