CybersecurityDeveloping secure mobile apps

Published 16 April 2018

Mobile devices such as smartphones and tablets and the applications (apps) we load onto them have become indispensable to our daily lives—both personal and professional. However, mobile apps are susceptible to malware, ransomware, spyware, coding flaws and other attacks that could compromise personal data stored on the device. Apps also can be used to gain access to sensitive enterprise resources.

 

Mobile devices such as smartphones and tablets and the applications (apps) we load onto them have become indispensable to our daily lives—both personal and professional. On the business side, more and more government agencies and private-sector entities are adopting mobile systems to improve business operations and employee efficiency.

However, mobile apps are susceptible to malware, ransomware, spyware, coding flaws and other attacks that could compromise personal data stored on the device. Apps also can be used to gain access to sensitive enterprise resources. Additionally, mobile apps and related services are evolving at a rapid pace, with new apps and updates, operating system updates and service provider updates introduced regularly. This speedy development and implementation process greatly increases mobile technology attack surfaces and exposes devices and apps to new threats and exploits. Average users have few options to assess app security. Even the Android and iOS app stores have had apps with malware, bugs and other vulnerabilities.

S&T says that the Department of Homeland Security (DHS) Science and Technology Directorate (S&T) is working to increase mobile app security by developing innovative solutions that will extend beyond deployment of an app to provide continuous security assurance throughout an app’s lifecycle. The Mobile App Security project has two primary research and development (R&D) foci. The first is continuous mobile app monitoring, vetting and security assurance to safeguard against vulnerabilities and future threats. The second is establishing a security framework and integrated development environments that will result in development platforms that enable developers to transparently ensure security and functionality throughout the mobile app lifecycle.

Two prominent S&T mobile app security research efforts will be spotlighted at the RSA Conference, April 16-20 in San Francisco.

“S&T is conducting numerous mobile security projects addressing both device and app security. We look forward to showcasing its innovative mobile app security solutions at the RSA Conference,” said Mobile Security R&D Program Manager Vincent Sritapan.

The first S&T-backed effort is focused on the development of continuous validation and threat protection of mobile devices and apps and will be exhibited by performer Qualcomm Cyber Security Solutions in its RSA booth (S2441). The effort is developing a solution that will use mobile device hardware-anchored Mission Critical Grade Security Layer (MCGSL) to protect against zero-day attacks by leveraging its mobile security platform and extending its research partner’s—Kryptowire LLC—mobile app security testing platform.

Leave a comment

Register for your own account so you may participate in comment discussion. Please read the Comment Guidelines before posting. By leaving a comment, you agree to abide by our Comment Guidelines, our Privacy Policy, and Terms of Use. Please stay on topic, be civil, and be brief. Names are displayed with all comments. Learn more about Joining our Web Community.