Mobile App Developers: Compete on Privacy and Security, Too
There are many mobile app developers today who want to develop the next hot mobile app. After all, if you play your cards right, you could end up being bought by a much larger company like Facebook, Google, or Microsoft for billions of dollars.
It’s hard enough to build a mobile app that will have the features and ease of use that will make it popular with millions of users. There are other things that apps can compete on, however, including the privacy and security of their users.
How can developers do this? First of all, consider how the app is written. Are best practices being followed? Developers on PCs and Macs have already learned that their apps can suffer from vulnerabilities that can be exploited. Are you doing your best to avoid these issues?
One reason to harden your apps against possible exploitation is repackaging. This is when the bad guys take a legitimate app and add their own malicious code to it. This added code can be anything – premium SMS abuse, cryptocurrency mining, even information theft. Not only does this harm the end user, it also damages your good name. (For more in-depth information about app repackaging, read our relevant paper, Fake Apps: Feigning Legitimacy.)
If your business model revolves around ads served by third-party ad networks, be careful about which ad networks you partner with. Some ad networks are less reputable than others, either asking for too much user information to target their ads or allowing malicious ads to run on their networks. Remember: it’s not just their reputation on the line, it’s yours as well.
Another issue is how you integrate with various social networks. It’s become very popular to integrate social networks into mobile apps. This is perfectly safe, so long as it’s done correctly. Social networks generally use some sort of API to allow third-party apps to access their information; use these APIs instead of just asking for your user’s private login credentials.
In terms of privacy, consider what you’re asking from the user. We’ve all seen how some apps ask for permissions that have absolutely nothing to do with their main purpose. Why would a flashlight app need access to your calendar or contacts? Consider what you actually need from your users and don’t just ask for anything and everything just because you can.
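One way to turn the permission advice above into a build-time check, shown as an added example that is not from the original article: it compares the permissions a manifest requests against the permissions the team has documented a feature as needing. The article names no platform; the Android manifest format, the com.example.flashlight package and the JUSTIFIED table are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample: decoded manifest of a hypothetical flashlight app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.READ_CALENDAR"/>
    <uses-permission-sdk-23 android:name="android.permission.SEND_SMS"/>
    <uses-permission android:name="android.permission.CAMERA"/>
    <application android:label="Flashlight"/>
</manifest>
"""

# Assumption: the team records, per feature, the permissions it really needs.
JUSTIFIED = {
    "torch": {"android.permission.CAMERA"},
}

def requested_permissions(manifest_xml):
    """Return the set of permission names the manifest requests."""
    root = ET.fromstring(manifest_xml.strip())
    names = set()
    # Both elements request a permission; the second applies on API 23+.
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                names.add(name.strip())
    return names

def audit(manifest_xml, justified):
    """Compare requested permissions against the documented justification."""
    requested = requested_permissions(manifest_xml)
    allowed = set().union(*justified.values())
    return {
        "unjustified": sorted(requested - allowed),  # requested, no feature needs it
        "unused": sorted(allowed - requested),       # documented, never requested
    }

if __name__ == "__main__":
    report = audit(SAMPLE_MANIFEST, JUSTIFIED)
    for name in report["unjustified"]:
        print("no documented feature needs:", name)
    # Non-zero exit lets a CI job fail the build on an unjustified request.
    raise SystemExit(1 if report["unjustified"] else 0)
```

Third-party ad and social SDKs often merge their own permission requests into the final manifest, so the check is most useful when run against the merged manifest of the release build.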
We offer tools that will help mobile app developers check if their apps are secure. The Mobile App Reputation Service checks apps based on their behavior and identifies any potentially problematic behavior in them. We hope that these tools will help developers realize that protecting the privacy and security of their users should be an integral part of creating the next mobile app.