Three Crucial Keys to Understanding HIPAA Compliance


Leaving the politics and possible motives aside, cybersecurity professionals everywhere were left aghast at the rushed development. Sadly, this is nothing new, as mobile apps are often released with bugs and vulnerabilities in them. When Kryptowire analyzed the preinstalled apps on Android phones from 29 different manufacturers last November, it found 146 vulnerabilities.

We’re talking about issues on brand-new phones out of the box, before the owner even installs anything.

The potential risk to companies and their customers is enormous, especially at a time when data privacy is becoming a bigger issue, tighter regulations are bringing stricter penalties and public expectations are shifting. Any organization developing an app or engaging a third party to do it for them must consider security and include provision for proper in-depth testing.

Think about security from the start

All too often, security is an afterthought that comes at the end of development. It needs to be considered and built into the development process right from the outset, with a documented secure development life cycle (SDLC) plan. Make sure that you consult with cybersecurity professionals during the design phase. It’s vital that the people you hire have relevant expertise in mobile apps and that you empower them to influence design and development as necessary to ensure the app’s integrity by following the documented plan.

Consider the types of data the app will deal with and insist that end-to-end encryption is built in. Restrict access wherever possible and think about two-factor authentication. Don’t forget about compliance, as regulatory requirements are evolving rapidly now.

It will be far easier and smarter to build all of this right from the start than to try to retrofit.
