Browse Definitions :
Definition

mobile app security

Mobile app security is the extent of protection that mobile device applications (apps) have from malware and the activities of crackers and other criminals. The term can also refer to various technologies and production practices that minimize the risk of exploits to mobile devices through their apps.

A mobile device has numerous components, all of them vulnerable to security weaknesses. The parts are made, distributed, and used by multiple players, each of whom plays a crucial role the security of a device. Each player should incorporate security measures into mobile devices as they are designed and built, and into mobile apps as they are conceived and written, but these tasks are not always adequately carried out. Common vulnerabilities for mobile devices include architectural flaws, device loss or theft, platform weakness, isolation and permission problems and application weakness.

When evaluating mobile devices and apps for security, developers should ask themselves the following questions.

  • How do users obtain a particular app?
  • Should a firm create its own app store?
  • How is an app vetted before it is offered for sale?
  • How is an app protected against malware?
  • Was a particular app written and shipped in too much of a rush?
  • How can users tell the difference between a legitimate app and a fake?
  • How easily can automatic update features get hijacked?
  • What measures exist to control the risk of device jailbreaking?
  • What kind of permissions should a particular app ask for?
  • Can any of the functions and capabilities unique to mobile devices (such as geolocation) enhance app security?
  • Can any other apps keep track of when, where, and how a certain app is used?
This was last updated in March 2013

Next Steps

Deciphering RAD Studio XE8

Continue Reading About mobile app security

SearchCompliance
  • compliance risk

    Compliance risk is an organization's potential exposure to legal penalties, financial forfeiture and material loss, resulting ...

  • information governance

    Information governance is a holistic approach to managing corporate information by implementing processes, roles, controls and ...

  • enterprise document management (EDM)

    Enterprise document management (EDM) is a strategy for overseeing an organization's paper and electronic documents so they can be...

SearchSecurity
  • hacker

    A hacker is an individual who uses computer, networking or other skills to overcome a technical problem.

  • Extensible Authentication Protocol (EAP)

    The Extensible Authentication Protocol (EAP) is a protocol for wireless networks that expands the authentication methods used by ...

  • session key

    A session key is an encryption and decryption key that is randomly generated to ensure the security of a communications session ...

SearchHealthIT
SearchDisasterRecovery
  • risk mitigation

    Risk mitigation is a strategy to prepare for and lessen the effects of threats faced by a business.

  • call tree

    A call tree is a layered hierarchical communication model that is used to notify specific individuals of an event and coordinate ...

  • Disaster Recovery as a Service (DRaaS)

    Disaster recovery as a service (DRaaS) is the replication and hosting of physical or virtual servers by a third party to provide ...

SearchStorage
  • cloud storage

    Cloud storage is a service model in which data is transmitted and stored on remote storage systems, where it is maintained, ...

  • cloud testing

    Cloud testing is the process of using the cloud computing resources of a third-party service provider to test software ...

  • storage virtualization

    Storage virtualization is the pooling of physical storage from multiple storage devices into what appears to be a single storage ...

Close