Mobile Application Security Testing: The Unique Characteristics of Device Security Models

Sanjay Zalavadia, VP of Client Services, Zephyr
content-image

Sanjay Zalavadia, VP of Client Services, Zephyr

Smartphones, tablets, and wearables have all led to changes in how businesses operate and how consum­ers are kept connected to their favourite organizations. How­ever, workers cannot simply use just any application; software often must undergo stringent evaluations to en­sure that it meets employee needs and has the protections to keep com­pany data safe. As more businesses approve of bring-your-own-device policies, quality assurance teams must leverage mobile app development se­curity testing techniques while under­standing the unique needs of device security models.

Security Importance on the Rise

Although computers are still a main target for hackers, mobile devices are increasingly experiencing their share of attacks. Application security has become such a priority for orga­nizations that the market is expected to grow to $6.77 billion by 2021, tri­pling its current estimate, according to predictions from MarketsandMar­kets. The report noted that the surge of breaches aimed at applications is a primary driver for the market's rapid development. This makes sense, es­pecially since malicious programs are already in app stores just waiting to be downloaded.

Google Play, in particular, has been a victim of numerous apps tar­geted to release malware and access user data. TechTarget contributor Eric Beehler noted that Google's open for­mat and lack of safety oversight has caused many problems for users and can mean trouble when exposing busi­ness information.

Although improve­ments are constantly being made to avoid these incidents, companies must test applications themselves to ensure that they are safe for employees to work with.

“All it takes to access the data stored on an unlocked smartphone running a poorly written app is a sim­ple extraction of the file attached to the mobile application, then a query,” Beehler wrote. “This action can tell you anything you want to know about the data stored in that app, which is especially troublesome if the data­base connects to a back end system. Because of these mobile application vulnerabilities, sensitive data should be encrypted at the device level, and external connections should be en­crypted as well.”

Taking Stock of Device Security Capabilities

Rather than relying on providers to en­sure that apps are safe, organizations have to test out the programs them­selves as well as make use of security testing tools to protect employees and business data. TechTarget contribu­tor Dan Cornell noted that there are a few testing types that these solutions should address: static, dynamic, and forensic. These approaches will ex­amine code at rest, the behaviour of running systems and what's been left behind after a program has been run, respectively. Using these methods together will give QA teams a fuller picture of the app's security and help make decisions regarding how to bet­ter protect employees.

While security testing tools will be a major asset to evaluating appli­cations themselves, the solutions can also gauge the protection capabilities of the device. It's important to note that as new devices and operating systems are released, support is dis­continued for older versions. IT and QA staff must determine if employees are using any legacy systems that no longer receive patches and manufac­turer updates, as this will leave a huge vulnerability if it's not addressed ap­propriately. Newer hardware may also have better features like encryption and passcodes, whereas legacy de­vices may not have things like remote wipe to reset to factory defaults or re­move encryption keys. Taking stock of what devices and operating systems are being used will help teams make a security map of their infrastructure. This way, teams can create a solid pro­tection strategy and provide employ­ees with capable applications.

Incorporated in 2007, Zephyr is a company based in Bangalore, India, providing on-demand Test Management solutions designed to meet the needs of today's dynamic and global Test and Quality Assurance departments.

Read Also

Streamlining Operations and Empowering Teams in Facilities Management

Streamlining Operations and Empowering Teams in Facilities Management
Shaye Rogers, Workflow Support Manager, Cushman & Wakefield
Technocreativity: The Synergy Of Technology And Creativity

Technocreativity: The Synergy Of Technology And Creativity
Tran Nguyen Phi Long, Group Head Of Retail Marketing, Pnj Group
Leading It And Digital Transformation At Ikea: Insights From An Industry Veteran

Leading It And Digital Transformation At Ikea: Insights From An Industry Veteran
Sigit Triwibowo, Head Of It And Digital, Chief Technology And Digital, Ikea
Executive Leadership And Digital Transformation In The Global Fashion Industry

Executive Leadership And Digital Transformation In The Global Fashion Industry
Eiko Ando, E-Commerce And Digital Director, Pvh Corporation
Digital Transformation in Fashion Retail - From Efficiency to Experience

Digital Transformation in Fashion Retail - From Efficiency to Experience
Le Van, CTO, YODY Fashion
Driving IT Transformation at Lactalis Australia

Driving IT Transformation at Lactalis Australia
Sabina Janstrom, Chief Information Officer, Lactalis Australia
AI Adoption in Hospitality: Striking the Balance Between Innovation, Excellence and Trust

AI Adoption in Hospitality: Striking the Balance Between Innovation, Excellence and Trust
Phiphat Khanonwet, Head of IT, Onyx Hospitality Group
The AI Rat Race - Keeping Up with New Technologies or Waiting for Maturity?

The AI Rat Race - Keeping Up with New Technologies or Waiting for Maturity?
Andreas Kurz, Global Head of Digital Transformation, ALFAGOMMA Group