Typically, when people think about a mobile security breach, they imagine a scenario where their smartphone or tablet - containing a plethora of sensitive business information - is stolen by a passerby. However, while physical theft does account for a certain percentage of these types of offenses, more often they come as a result of mobile apps.
According to new research from Gartner, 75 percent of all mobile security breaches will result from issues within mobile applications. Misconfigurations in these apps present exploitable vulnerabilities that hackers will pounce upon, and with the influx of BYOD-supported handheld hardware in today's corporate landscape, a single attack could open the door to a treasure trove of data.
"Mobile security breaches are - and will continue to be - the result of misconfiguration and misuse on an app level, rather than the outcome of deeply technical attacks on mobile devices," said Dionisio Zumerle, Gartner principal research analyst.
In this way, the responsibility lies with app developers to ensure that they are creating applications that properly safeguard users' information as well as data belonging to their employer. Zumerle noted that common misconfigurations include the incorrect utilization of personal cloud services by mobile apps.
"When used to convey enterprise data, these apps lead to data leaks that the organization remains unaware of for the majority of devices," Zumerle said.
This makes the issue even worse, as a breach that goes unnoticed allows cybercriminals to steal an increasing amount of content with each hour and day that goes by. Gartner recommends that business IT leaders improve their vetting process for enterprise apps. However, developers also need to consider several security best practices when it comes to protecting the content contained in the program.
App security: Tips for establishing safe apps
The Bureau of Consumer Protection pointed out that although security needs will largely be determined by the type of app being created and the functionalities it includes, there are a few general best practices developers can observe. The organization recommends starting the entire development process with an overview of the chosen component suite's security.
Developers should be sure to consider exactly what data the app will collect and archive, which can serve as a foundation for protection standards. For example, if the program only gathers a small amount of sensitive information, it will not require as many safeguards. On the other hand, protection measures will need to be of a much higher caliber for enterprise apps that are likely to compile and store large amounts of content needing security.