Mobile App Development: Many Questions, Few Answers

Usage of Google’s Android mobile platform is growing at an exponential rate; unfortunately, so is the malware being developed to attack it.

On Monday came news of the Malicious Mobile Threats Report 2010/2011, released last week by the Juniper Networks Global Threat Center, which reveals a frightening statistic: since the summer of 2010, “Android malware has surged 400 percent.” What is to blame? According to eWEEK’s Fahmida Y. Rashid, the report cites user naiveté and general nonchalance as a major reason malware developers have put a big 'bulls-eye' on the Android platform.

All of this begs the question: As Android sales continue to rise at exponential rates and overtake sales of all other smartphone platforms, at what point does someone tell Google it needs to do a better job of policing its app store?

Mobile Development Questions

Interestingly enough, these same questions came up in an article posted on CIO.com not too long ago. In “8 Security Questions to Ask Before Building Mobile Apps,” John Dickson notes that development of mobile applications has exploded over the last few years as enterprises attempt to get in on the popularity of all types of mobile devices – iPhone, Android and BlackBerry. Of the development rush, he urges:

“Business line managers need to make sure that marketing and IT managers who are building mobile applications are protecting customer data and not inadvertently opening up unexpected security holes for outside attackers.”

Dickson proceeds to question how mobile applications work within an enterprise setting, how they differ from enterprise applications and whether those developing mobile applications have the skills to create them for an enterprise (he actually believes many do not). However, he wraps his article with two very interesting questions, neither of which he answers in full:

  • What organization (enterprise, device provider, mobile OS provider) is responsible for security?
  • What development approaches are in place to build more secure mobile applications?

So exactly WHO should be responsible for security and what can be done to build more secure applications?

Mobile Development Answers Start at the Top

There seem to be three distinct groups involved in the management and administration of mobile applications – the platform owners (Apple, Google, RIM, etc.), the app stores for each platform and the mobile developers themselves. When it comes to security, though, there is plenty of responsibility to be shared at each of these levels.

Responsibility should begin at the top. Apple, Google and RIM need to take steps to ensure that the software that goes into the devices – either for operational purposes or as pre-loaded applications – is 100% secure. Also, since each company manages the app store for its own devices, each should insist that an application meet minimum quality standards, in terms of both security and application software structural quality, before it can be listed in the app store. And finally, the developers themselves – the legitimate ones – need to take additional steps to ensure the security and quality of their applications.

I know what you’re thinking – this is “pie in the sky” thinking. Well, not entirely.

The problem is that the various mobile platforms do not currently ask much of their developers when it comes to ensuring software security and quality. Were they to demand higher quality, app stores would need to scrutinize applications more closely – or in Android’s case, at all – before allowing an application to be listed.

In order to reach such a decision point, though, a set of software quality standards needs to be established – perhaps by the mobile platform vendors themselves – against which applications can be tested and certified. Then, by requiring mobile applications to pass through such an analysis and earn some form of certification to be listed in an app store, there would be forced compliance with these minimum quality standards.

Unfortunately, until platform vendors, app stores and developers adopt a mobile certification program that ensures applications are safe to use, there will continue to be more questions than answers for mobile app development.

Jonathan Bloom Technology Writer & Consultant
Jonathan Bloom has been a technology writer and consultant for over 20 years. During his career, Jon has written thousands of journal and magazine articles, blogs and other materials addressing various topics within the IT sector, including software development, enterprise software, mobile, database, security, BI, SaaS/cloud, Health Care IT and Sustainable Technology.