Browse Definitions:
Definition

mobile app security

This definition is part of our Essential Guide: An IT security strategy guide for CIOs
Contributor(s): Stan Gibilisco

Mobile app security is the extent of protection that mobile device applications (apps) have from malware and the activities of crackers and other criminals. The term can also refer to various technologies and production practices that minimize the risk of exploits to mobile devices through their apps.

A mobile device has numerous components, all of them vulnerable to security weaknesses. The parts are made, distributed, and used by multiple players, each of whom plays a crucial role the security of a device. Each player should incorporate security measures into mobile devices as they are designed and built, and into mobile apps as they are conceived and written, but these tasks are not always adequately carried out. Common vulnerabilities for mobile devices include architectural flaws, device loss or theft, platform weakness, isolation and permission problems and application weakness.

When evaluating mobile devices and apps for security, developers should ask themselves the following questions.

  • How do users obtain a particular app?
  • Should a firm create its own app store?
  • How is an app vetted before it is offered for sale?
  • How is an app protected against malware?
  • Was a particular app written and shipped in too much of a rush?
  • How can users tell the difference between a legitimate app and a fake?
  • How easily can automatic update features get hijacked?
  • What measures exist to control the risk of device jailbreaking?
  • What kind of permissions should a particular app ask for?
  • Can any of the functions and capabilities unique to mobile devices (such as geolocation) enhance app security?
  • Can any other apps keep track of when, where, and how a certain app is used?
This was last updated in March 2013

Next Steps

Deciphering RAD Studio XE8

Continue Reading About mobile app security

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

File Extensions and File Formats

Powered by:

SearchCompliance

SearchSecurity

  • Web application firewall (WAF)

    A Web application firewall (WAF) is a firewall that monitors, filters or blocks traffic to and from a Web application. WAFs are ...

  • MD5

    The MD5 hashing algorithm is a one-way cryptographic function that accepts a message of any length as input and returns as output...

  • identity theft

    Identity theft, also known as identity fraud, is a crime in which an imposter obtains key pieces of personally identifiable ...

SearchHealthIT

SearchDisasterRecovery

  • call tree

    A call tree -- sometimes referred to as a phone tree -- is a telecommunications chain for notifying specific individuals of an ...

  • mass notification system (MNS)

    A mass notification system is a platform that sends one-way messages to inform employees and the public of an emergency.

  • disaster recovery as a service (DRaaS)

    One approach to a strong disaster recovery plan is DRaaS, where companies offload data replication and restoration ...

SearchStorage

  • secondary storage

    Secondary storage is used to protect inactive data written from a primary storage array to a nonvolatile tier of disk, flash or ...

  • VRAM (video ram)

    VRAM (video RAM) is a reference to any type of random access memory (RAM) used to store image data for a computer display.

  • ZFS

    ZFS is a local file system and logical volume manager created by Sun Microsystems to control the placement, storage and retrieval...

SearchSolidStateStorage

  • SSD RAID (solid-state drive RAID)

    SSD RAID (solid-state drive RAID) is a methodology commonly used to protect data by distributing redundant data blocks across ...

  • Tier 0

    Tier 0 (tier zero) is a level of data storage that is faster, and perhaps more expensive, than any other level in the storage ...

  • PCIe SSD (PCIe solid-state drive)

    A PCIe SSD (PCIe solid-state drive) is a high-speed expansion card that attaches a computer to its peripherals.

SearchCloudStorage

  • RESTful API

    A RESTful application program interface breaks down a transaction to create a series of small modules, each of which addresses an...

  • cloud storage infrastructure

    Cloud storage infrastructure is the hardware and software framework that supports the computing requirements of a private or ...

  • Zadara VPSA and ZIOS

    Zadara Storage provides block, file or object storage with varying levels of compute and capacity through its ZIOS and VPSA ...

Close