Cybersecurity – Mobile App Security Assessment Free Essay

How to Create a Secure Mobile Application


Mobile applications are effective and widely used. At the same time, their use raises security concerns, because users are often unaware of, or underestimate, the risks and threats associated with them. Mobile application security is particularly significant for government contracts and for mobile applications used by government agencies.

The federal government’s requirements and recommendations for mobile app security architectures, and the associated design recommendations, are strict. The federal government requires a high level of mobile application security, which is the priority for the government as the contractor. Mobile applications have to be protected, and the effectiveness of that protection has to be tested carefully before a new mobile application is implemented (Federal Trade Commission, 2017). At the same time, implementation may raise problems that the developers did not expect. This is why ongoing control over the implementation is one of the federal government’s major requirements for mobile applications. This means that the mobile application should be controllable, and its developers should update it to enhance its performance and to secure it against information breaches or malfunctioning.

Furthermore, the federal government’s requirements include taking stock of the data the application is supposed to collect and retain. The data have to be stored safely and must not be available to third parties, or even to users, if they do not need the data. The mobile application should also use a reliable and safe platform. Platforms differ in their essence and thus provide mobile applications with different features and security characteristics, which is why the mobile application needs a reliable platform.

The federal government also requires that the mobile application be protected. The platform alone may not be enough, and other tools may be needed to protect the data and the application. In addition, key data have to be protected to minimize the risk of third-party access to them, as well as the risk of intrusion and information breaches. In this regard, data encryption is pivotal and may help to protect the data (Holquist, 2013). Data protection through encryption is effective as long as intruders cannot decrypt the data. Therefore, the mobile application is supposed to have reliable encryption that can protect the most sensitive data as well as access to the core of the mobile application.

One more mobile application security requirement is the protection not only of the data and the application proper but also of the server, because the server may be a weak point that opens the way for information breaches. Third parties may use the server to break through even the most sophisticated mobile application security system. This means that without server protection the mobile application cannot be secured properly. Moreover, complex and sophisticated protection of the application becomes a waste of time and money if its developers ignore server protection.

This is why server protection and multilayer protection are among the industry’s recommendations for security architectures and risk reduction. Industry recommendations for mobile app security focus on careful preparation of the mobile application, its testing, and its careful implementation with regard to safety and data protection. To put it more precisely, building a data protection and information security system that raises insurmountable barriers in the way of intruders is an important task that developers of the mobile application have to cope with. The mobile application security system should be multilayer and complex. Moreover, the data have to be protected not only within the application but also outside it. Platform protection is important but not enough (Vigliarolo, 2018). The mobile application should use data encryption and keys to protect the data of its users. Developers should also consider mechanisms of server protection to minimize the risk that a poorly protected server is used to bypass the mobile application security system. Today, industry recommendations focus on the diversity of mechanisms and tools used to protect mobile applications. The main lesson developers have to learn from these recommendations is to develop a complex security system that goes far beyond the application proper and also involves the server, the platform, and users. Users should be aware of risks and threats and use the application responsibly, to prevent information breaches caused by the disclosure of sensitive data that may help to decrypt the data or to get access to users’ keys or accounts.

Therefore, best practice recommendations for building security into the new mobile app, which will become next year’s entry into the Mobi-Gov awards contest, include several key steps. First, the mobile application and its security system have to be tested and retested before their introduction. Second, the mobile application security system has to cover not only the platform but also the server, and reach users to minimize the risk of failure on their part (Gallagher, 2013). In this regard, the security system should do all the work for users, while users should remain ‘dumb’ with regard to security issues, simply because they should not have access to the tools used to protect or encrypt the data or to protect data transmission. Users should have access only to those tools that cannot give intruders a chance to break through the security system. Third, protection of the server is an essential requirement of mobile application protection. Fourth, data encryption should include the encryption of usernames, passwords, keys and other important user data that intruders may look for to break through the security system of the mobile application. Finally, the security system should have multiple layers that cover each other and minimize the risk of information breaches and intrusion.

Thus, mobile application security is pivotal for the effective and secure functioning of the application, especially when the application is used by a government agency. The mobile application security system should comply with the federal government’s information security requirements as well as with best practices in the industry. This is why it is important to follow the recommendations given above, such as a multilayer security system, encryption, and protection that goes far beyond the platform, including server protection. By following these recommendations, developers should reach a high level of security for the application, but they still have to test and retest it before its introduction. Even after its introduction, the functioning of the mobile application and its security system should remain under the permanent control of its developers, so that they can update the application and enhance its security if necessary.

 

References:

Federal Trade Commission. (2017). App Developers: Start with Security. Retrieved from https://www.ftc.gov/tips-advice/business-center/guidance/app-developers-start-security

Gallagher, J. (2013). Mobile app security: Always keep the back door locked. Ars Technica. Retrieved from https://arstechnica.com/information-technology/2013/02/mobile-app-security-always-keep-the-back-door-locked/

Holquist, S. (2013). 10 MOST ENTERTAINING GOVERNMENT MOBILE APPS. GovLoop. Retrieved from https://www.govloop.com/community/blog/10-most-entertaining-government-mobile-apps/

Vigliarolo, B. (2018). How to build a secure mobile app: 10 tips. TechRepublic. Retrieved from https://www.techrepublic.com/article/how-to-build-a-secure-mobile-app-10-tips/
