Do we worry about security enough? Does it keep us up late at night, constantly in the back of our minds? If not, it should.
The reality is that, as developers and app users, we rarely give security enough attention. Jon Evans of TechCrunch says that, as users, instead of worrying about it ourselves, we let the Facebooks and Googles of the world take care of it for us – which puts both us and the companies and apps we rely on in treacherous territory:
“Alas, right now it seems that many-to-most people value conformity more than privacy. What’s more, instead of worrying about security ourselves, we trust others — Amazon, Apple, Facebook, Google — to take care of it for us. As the great Bruce Schneier points out, in some ways we’ve regressed to a feudal notion of security.
… Security is, by its very nature, something most people generally hardly worry about at all – until and unless that one awful day comes when it’s the only thing they worry about. By then it’s usually too late to start taking it seriously.”
As users, we can certainly become more security-savvy. But more importantly, as app developers, we need to keep security top of mind. Security failures usually occur because of poor design and a lack of testing. Therefore, if there were more forward thinking during the design phase, developers would be able to produce better, more secure apps.
As T.L. Neff of Wired says, when it comes to development and security, “less is more” and forward thinking is essential:
“Overall, users must include security factors while designing the app. Sure, you can be conservative about what you expose in the first place. Definitely consider some limits on what can be downloaded, and think about using graphical cues instead of text. By taking these kinds of steps, you’ll likely end up with apps that are more streamlined and user-friendly, and minimize security risks for your company.
The bottom line: don’t approach security as a set of utilities you put in place after apps are deployed. You’ll get better security through more of a life-cycle approach where you design with security in mind, and also test for security.”
It seems like it will take a collective effort from companies, developers and users alike in order to really improve mobile app security. Looking for resources on mobile app security? Here is a free whitepaper with security testing tips on common attacks, security tools and ways to build a better QA team: Security Testing.
Posted on 12/04/2012 in Security Testing by Katherine Slattery http://www.mobileapptesting.com/category/security-testing