The many different mobile platforms that apps are expected to run on are one of the things that complicate mobile application development and security. Users want the application to run on everything from iOS 3 and Android 2.2 Froyo, to the most recent iOS 8 and Android L, with all functionality intact. Even though the user base is limited, the same can be said for the Windows Phone platform. If mobile developers try to limit OS version or platform support, they are introducing an opportunity cost many developers can't afford.
I believe in seeing the big picture and focusing on the basics. Practically every well-known security breach can be traced back to a user, administrator or developer failing to implement what we've known about for years and even decades: the security basics. If you focus merely on user authentication and session management, input validation, and information transmission and storage, you can mitigate the majority of your mobile app risks, regardless of the platform. That's where I find most of the mobile app vulnerabilities. I also recommend reviewing the OWASP Mobile Security Project, specifically their Top 10 Mobile Risks.
Each mobile platform, and even different OS versions within each platform, will have unique nuances and requirements for implementing security controls. For instance, specific subversions of a mobile OS may or may not support unique security controls around authentication and malware protection. As we've seen with iOS 8, the new mobile OS may break many things all at once.
This question of how to handle security on different mobile platforms is too complicated to answer completely in this forum. However, if you find a specific scenario where it's not possible to utilize the OS for security controls, you may be able to do it programmatically, and vice versa. The important thing is you don't overlook these app security basics. With all of the available information, users -- and lawyers -- expect the fundamentals to be in place.