There is no doubt that a number of different components must be factored into the equation when creators are developing applications. Aspects including features, usability, component suites and HTML5 or native coding languages must all be decided before individuals can begin work on the app itself.
However, the Bureau of Consumer Protection noted that these efforts should start with security.
"Apps and mobile devices often rely on consumer data - including contact information, photos, and location to name a few - and can be vulnerable to digital snoops, data breaches, and real-world thieves," the source stated.
For this reason, it is increasingly important that developers understand the security dangers that can accompany the use of an application and take them into consideration when building the safeguards for their programs. One aspect to consider is the data being stored by the application, and how this archived content is protected. InformationWeek contributor Charlie Fairchild recommended designing the program so that sensitive content like passwords or payment card details is either not stored on the device itself or is encrypted.
Furthermore, when leveraging encryption to protect information within the app, developers have to ensure that the safeguard is functioning properly and is not broken. For example, hash algorithms like MD5 and SHA1 have been identified as inadequate for preventing unauthorized access. Instead, app creators should use an encryption algorithm like AES paired with a 256-bit key, or the SHA-256 hash function.
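As an added illustration of the recommendation above (not code from the article or from Fairchild), the following Node.js sketch protects a sensitive field with AES using a 256-bit key in GCM mode before it is written to storage, and refuses to return data that fails authentication. The function names, the `context` label and the sample card number are hypothetical, and the key is generated inline only for the demo; the assumption is that a real app would obtain it from the platform keystore.

```javascript
// Added example: AES-256-GCM protection for a sensitive field at rest.
const crypto = require('crypto');

const KEY_BYTES = 32;   // 256-bit AES key
const NONCE_BYTES = 12; // standard GCM nonce size
const TAG_BYTES = 16;   // full-length authentication tag

// Encrypts a UTF-8 string and returns base64(nonce || tag || ciphertext).
// `context` (hypothetical field label) is bound as associated data, so a
// record cannot be silently moved to a different field.
function sealField(key, plaintext, context) {
  if (!Buffer.isBuffer(key) || key.length !== KEY_BYTES) {
    throw new Error('key must be a 32-byte Buffer');
  }
  const nonce = crypto.randomBytes(NONCE_BYTES); // fresh per record, never reused
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
  cipher.setAAD(Buffer.from(context, 'utf8'));
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), body]).toString('base64');
}

// Returns the plaintext, or null when the record is malformed, has been
// modified, or was sealed under a different key or context.
function openField(key, sealed, context) {
  const raw = Buffer.from(sealed, 'base64');
  if (raw.length < NONCE_BYTES + TAG_BYTES) return null;
  const nonce = raw.subarray(0, NONCE_BYTES);
  const tag = raw.subarray(NONCE_BYTES, NONCE_BYTES + TAG_BYTES);
  const body = raw.subarray(NONCE_BYTES + TAG_BYTES);
  try {
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, nonce,
      { authTagLength: TAG_BYTES });
    decipher.setAAD(Buffer.from(context, 'utf8'));
    decipher.setAuthTag(tag);
    return Buffer.concat([decipher.update(body), decipher.final()]).toString('utf8');
  } catch (err) {
    return null; // authentication failed: treat the stored value as untrusted
  }
}

// Constructed sample data (test card number, demo-only key).
const demoKey = crypto.randomBytes(KEY_BYTES);
const sealedCard = sealField(demoKey, '4111111111111111', 'payment.card');
console.log(openField(demoKey, sealedCard, 'payment.card'));
```

Checking that `openField` returns `null` for an altered record is a direct way to confirm the safeguard is functioning rather than assuming it is.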
Fairchild also recommended vetting advertisers and analytics vendors that may be allowed access to posting capabilities or other information from the application. This is a vital step in ensuring that the program doesn't cause unintended data leakage, such as that which occurred with one widely-used mobile game.
"[T]he NSA had tapped popular smartphone apps like Angry Birds to gather the huge amounts of personal data - including age, location, gender, and more - that they collect," Fairchild wrote. "This is what's meant by a 'leaky' app."