
How do you secure different mobile platforms?

Different mobile platforms have different security characteristics. What's the best way for mobile developers to deal with this?

The sheer number of mobile platforms that apps are expected to run on is one of the things that complicates mobile application development and security. Users want the application to run on everything from iOS 3 and Android 2.2 Froyo to the most recent iOS 8 and Android L, with all functionality intact. Even though its user base is limited, the same can be said for the Windows Phone platform. If mobile developers try to limit OS version or platform support, they are introducing an opportunity cost many developers can't afford.

I believe in seeing the big picture and focusing on the basics. Practically every well-known security breach can be traced back to a user, administrator or developer failing to implement what we've known about for years and even decades: the security basics. If you focus merely on user authentication and session management, input validation, and information transmission and storage, you can mitigate the majority of your mobile app risks, regardless of the platform. That's where I find most of the mobile app vulnerabilities. I also recommend reviewing the OWASP Mobile Security Project, specifically their Top 10 Mobile Risks.

Each mobile platform, and even different OS versions within each platform, will have unique nuances and requirements for implementing security controls. For instance, specific subversions of a mobile OS may or may not support unique security controls around authentication and malware protection. As we've seen with iOS 8, the new mobile OS may break many things all at once.

This question of how to handle security on different mobile platforms is too complicated to answer completely in this forum. However, if you find a specific scenario where it's not possible to utilize the OS for security controls, you may be able to do it programmatically, and vice versa. The important thing is you don't overlook these app security basics. With all of the available information, users -- and lawyers -- expect the fundamentals to be in place.
