Mobile app development teams often struggle to ship high-quality software on time and on budget. Developers face the pressure of accelerated release cycles, revenue demands, bug fixes, security breaches and compliance and regulatory requirements. Given an intense focus on developer efficiency and user experience, it’s inevitable that security and privacy issues can creep into their code.  The OWASP Mobile Application Security Verification Standard (MASVS) sets the global industry standard for mobile application security. Mobile app developers and architects should use the MASVS set of con ..read more

The beginning of 2024 saw approximately 3.4 million apps available for download from the Google Play Store, and around 1.9 million apps available in the Apple App Store. That total continues to grow and more than 52,000 new apps were added to Google Play in February alone. Mobile app developers strive to rapidly introduce new features and streamline the development process across platforms. One way to do this is to take advantage of iOS and Android Software Development Kits (SDK). Mobile SDKs are predeveloped collections of software libraries that give developers a shortcut in introducing new ..read more

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) and Office of Management and Budget (OMB) released a secure software development attestation form on March 11, 2024, in a long awaited followup to Executive Order (EO) 14028. EO 14028, “Improving the Nation’s Cybersecurity,” outlines the federal cybersecurity strategy to reduce software supply-chain risks. The OMB M-22-18 memo, “Enhancing the Security of the Software Supply Chain through Secure Software Development Practices” and the M-23-16 update stipulate that federal agencies may use software only if the provider attests to ..read more

Mobile penetration testing helps businesses defend against cyberattacks, safeguard data privacy and preserve brand reputation. Best practices call for continuous automated mobile application security testing throughout the software developement lifecycle to gain speed and efficiency. However, organizations should augment automation with manual mobile penetration testing for certain high-risk mobile apps to achieve the greatest coverage.  In today’s digital landscape, security analysts and developers understand the imperative of ensuring the security and privacy of mobile applications. Whi ..read more

The Federal Trade Commission (FTC) has been aggressively cracking down on mobile app privacy violations to safeguard consumers’ personal information. Following the landmark California Consumer Privacy Act (CCPA), several states including Florida, Montana, Oregon, Texas and Washington enacted data privacy laws that take effect in 2024 and many others have pending privacy legislation. With privacy in the spotlight, mobile app makers must ensure their code and third-party components properly protect personal data. Consumers have also intensified their focus on data privacy. An International Assoc ..read more

NowSecure benchmark mobile application security testing reveals a staggering 95% of mobile apps fail at least one OWASP MASVS category, putting organizations at significant risk of data breaches and leaks.  The OWASP Mobile Application Security Verification Standard (MASVS) sets a minimum security and privacy bar for mobile security professionals and developers to follow when building and testing mobile apps. OWASP MASVS outlines seven critical areas of the mobile attack surface — MASVS-STORAGE, MASVS-CRYPTO, MASVS-AUTH, MASVS-NETWORK, MASVS-PLATFORM, MASVS-CODE and MASVS-RESILIENCE.  ..read more

While the world runs on mobile apps, the importance of a robust mobile app security testing (MAST) stack cannot be overstated. As attackers have turned their eye to mobile apps such as Chick-fil-A, RingGo, Shein and UnitedHealthcare, dev and security teams must deploy a modern, multi-layered approach to safeguard their mobile applications. Modern Mobile App Security Testing (MAST) Stack Security represents a critical component of application testing and quality assurance. Just as organizations perform functional, integration and performance testing in the software development lifecycle, they m ..read more

In today’s digital landscape, safeguarding mobile apps has become paramount. Mobile app breaches pose significant threats to data security and privacy. In addition, they erode user trust in apps and their respective developers, which in turn impacts the installed base and revenue.  Mobile application security testing can help organizations identify insecure coding practices, configuration errors and data leaks before they publish their mobile apps in the public app stores. See this infographic below spotlight on a few mobile app security breaches that together illustrate the challenges of ..read more

There is a misconception that data security for mobile apps is a feature when, in reality, it has become a necessity. In IDC’s 2023 DevSecOps Adoption, Techniques, and Tools Survey, 24% of respondents indicated they experienced a sensitive data exposure breach in 2023. If developers don’t properly secure mobile applications, personally identifiable information (PII), health data, or financial data may be exposed. This exposure of sensitive data could damage a company’s reputation, erode customer trust, harm users and decrease value. Furthermore, inadequately protected mobile applications can l ..read more

Developers of iOS apps and SDKs should mark their calendars for upcoming changes to Apple privacy requirements and block out time to familiarize yourselves with them to avoid App Store rejections. Apple announced at the Worldwide Developers Conference (WWDC) 2023 in June new initiatives to increase transparency about mobile app privacy. All mobile app developers will be required to submit a privacy manifest that details data collection practices and usages when they add or update an iOS app in App Store Connect, the platform used for publishing and tracking performance in the App Store.  ..read more