Application Security - Mobile Application Security

Mobile Application Security

The proportion of mobile devices providing open platform functionality is expected to continue to increase in future. The openness of these platforms offers significant opportunities to all parts of the mobile eco-system by delivering the ability for flexible program and service delivery options that may be installed, removed or refreshed multiple times in line with the user’s needs and requirements. However, with openness comes responsibility and unrestricted access to mobile resources and APIs by applications of unknown or untrusted origin could result in damage to the user, the device, the network or all of these, if not managed by suitable security architectures and network precautions. Application security is provided in some form on most open OS mobile devices (Symbian OS, Microsoft, BREW, etc.). Industry groups have also created recommendations including the GSM Association and Open Mobile Terminal Platform (OMTP).

There are several strategies to enhance mobile application security including

• Application white listing
• Ensuring transport layer security
• Strong authentication and authorization
• Encryption of data when written to memory
• Sandboxing of applications
• Granting application access on a per-API level
• Processes tied to a user ID
• Predefined interactions between the mobile application and the OS
• Requiring user input for privileged/elevated access
• Proper session handling