Tag Archives: API

Protect Your Enterprise with the Top Mobile App Security Tips of 2019

Android Development, iOS Development, , , , , , , , , , , , , , ,

A recent study conducted by AppKnox concluded that out of 100 top E-commerce apps, 95% failed basic security testing, 68% had four or more loopholes present in them, and 68% of apps were diagnosed with high severity threats.

Some of the most popular applications, including WhatsApp, Pokemon Go, and Facebook Messenger, are among the most frequently blacklisted among top enterprises due to the security risks they pose.

As a mobile app developer, security can lead to disaster for both your business and your consumers. Here are our top security tips for 2019:

TESTING AND CODE OPTIMIZATION

The two most important processes for building a secure app are extensive testing and constant refinement of code.

Disorganized code often causes data security risks. Minify code to ensure it is clean and concise and does not burden the application. When coding, think like an attacker and address any vulnerability a hacker could use to penetrate your application. Use libraries that show coding errors to ensure you catch security risks.

By budgeting for a rigorous testing and quality assurance process from the outset of the application development process, software developers ensure their applications will be thoroughly secure. Do not allow time-constraints getting a product to market to interfere with this crucial step. Test for functionality, usability, and security. Test, test, and test some more.

SECURE YOUR APIs

Enterprise developers are relying on application programming interfaces (APIs) more than ever, posing additional security requirements. API development and mobile app development share security considerations. Any vulnerability in an API is a vulnerability in the applications that the API connects. Solve potential headaches with the following tips:

  • Ensure all APIs integrated in your app are optimized for security.
  • Monitor all add-on software carefully to ensure that they do not present any system vulnerabilities.
  • Budget time to test the security of your APIs as well.

Check out TechBeacon’s 8 essential best practices for API security for additional reading.

LIMIT DATA COLLECTION AND PERMISSIONS

By collecting as little data as possible and minimizing permissions, app developers limit vulnerable attack points on their app. If the app does not require access to the camera or contacts, don’t request it. The same sentiment can be applied to data: make sure  users are aware of what data your application is collecting from them and only collect user data that is vital to the application’s functionality.

INTEGRATE A SECURITY TEAM FROM DAY ONE

Incorporating a dedicated security team from the inception of the development process on will ensure that the application has a cohesive security strategy intertwined with app functionality. Bringing the security team in from day one will minimize vulnerabilities that otherwise may slip through the cracks if they are brought on later in the process.

PROTECT CONSUMER DATA

Consumer data is generally the most vulnerable element for any app. The higher the volume of consumer data, the more there is for hackers to steal. In addition to limiting data collections, app developers should look into new data encryption technologies and biometric authentication. Decentralized database technology like the blockchain cryptology are among the most high-tech data protection measures tech companies can undertake.

Learn more about the Blockchain for mobile development via Application Development Trends.

CONCLUSION

In order to maintain secure environments, app developers must stay constantly stay up-to-date on the latest security technologies. Reading tech publications and maintaining awareness of the latest trends will ensure your enterprise is ready to integrate with tomorrow’s tech.

How to Optimize GPS and Background Processes for Android Oreo

Android Development, , , , , , , , , , , , , , , ,

As our past article Android Oreo Serves Up the Sweets will show, Android Oreo lived up to expectations upon release and gave both consumers and app developers plenty of enhancements to enjoy.

However, for app developers, enhancements to the UI aimed to conserve battery life affect GPS services and require changes to the code in order to optimize pre-existing apps for the new OS. Specifically, Android Oreo restricts apps that are running in the background with limited access to background services. Additionally, apps can no longer use their manifests to register for most implicit broadcasts. When an app is in the background, it is given several minutes to create and use services, but at the end of that time slot, the app is considered idle and the OS will stop running background services.

These changes directly affect apps with geolocation functionality. Android Oreo limits how frequently apps can gather location in the background. Background apps can only receive location updates a few times each hour. The APIs affected due to these limits include Fused Location Provider, Geofencing, Location Manager, Wifi Manager, GNSS Measurements and GNSS Navigation Messages.

Apps that currently use location services in previous Android OS’s will require an update to optimize for Android Oreo. Apps that use location services range anywhere from navigational apps like Waze and Google Maps to social media apps like Twitter, and food apps like Yelp and Seamless.

For apps that require frequent location updates, increasing the usage of the app in the foreground will ensure that the app gets frequent access to location information. In order to program this, developers must implement startServiceinForeground() instead of startService() in Activity class.

In Service class in onStartCommand(), developers can use the following code:

Screen Shot 2018-05-07 at 12.46.57 PM

Via StackOverflow

When foreground services running in the background consume high energy, Oreo fires an automatic push notification to the user informing them of the battery-consuming service. With the push notification in place, app users are more likely to uninstall apps that track location without conserving battery life, putting the onus on software developers to deliver battery-efficient apps. One of the biggest issues facing some app developers is ensuring that battery life is not sucked as a result of tracking location in apps. Check out our full rundown of how to build battery-efficient geolocation apps for supplementary reading.

The results of the limits put in place with Android O are increased battery life for the user and the necessity for app owners to consider how their apps interact with location information. Retaining a thorough understanding of how location information will be retrieved and used through out the development process ultimately benefits both software developers and consumers with better UI and more energy efficient processes.