Industry executives and experts share their predictions for 2022.  Read them in this 14th annual VMblog.com series exclusive.

Mobile Security Will Improve (But Not for App Developers)

By Ryan Lloyd, Chief Product Officer, Guardsquare

A drastic shift in where and how people choose to connect has led to a significant increase in mobile usage. But this trend isn't only resulting in easier collaboration and greater productivity; malicious actors are increasingly targeting mobile devices and apps. The FBI has issued a warning that the 50% surge in mobile banking since the beginning of 2020 has resulted in an uptick in app-based trojans, fake apps, and other financial vulnerabilities.

We've also seen plenty of headlines about Apple and Google pushing out security updates to their mobile platforms throughout 2021, but what does this mean for app developers? We predict that next year we'll see mobile security improving for the iOS and Android ecosystems, but app developers will continue to be overlooked and will need to take mobile app security into their own hands. Here's why.

Mobile Platform Security Innovation

In 2022, mobile platform providers - namely Apple and Google - will continue to make strides in mobile security. Both companies have been making, and will continue to make, innovative software improvements to provide greater security and privacy to their ecosystems, which benefits end users.

Apple and Google, however, are primarily incentivized to secure their operating systems from malware, data leakage, and other concerns that negatively impact device users. For example, both platforms leverage code signing, app store encryption, and other techniques to prevent users from running modified apps or downloading app clones that contain malware.

Sandboxing capabilities on both operating systems also protect users from data leakage and other privacy concerns. Running apps in a sandboxed environment - where app resources are isolated from each other - makes it more difficult for malicious actors to steal data from other apps without proper permissions.

But these capabilities are just one side of the security coin. App developers' concerns go beyond upholding the privacy of their users because there are several business risks to protect their apps from, as well.

App Developers Will Be Overlooked

Tightening the screws on privacy and malware detection protects the end-user of the device, but these efforts do not protect the app developer and their interests. In fact, our research has found that 81% of developers believe iOS and Android standard security isn't sufficient.

For mobile app developers and publishers, the outcome of a security incident can be devastating. Many static and dynamic attacks target the code and application functionality directly, rather than compromising the platform the apps run on, so additional security measures are needed beyond the capabilities the operating systems provide.

The risks include loss of revenue, intellectual property theft, data forgery, and a negative impact to reputation, among others. These provide reason enough for app developers to prioritize application security and go beyond the security enablers of the mobile platforms. Ironically, mobile end users could still be negatively impacted if there's an app security issue, but the responsibility falls on the app developers rather than the mobile platform providers.

You'll hear a lot about Apple and Google improving mobile security, but don't be confused. These companies are mainly focused on protecting mobile device users. This means app publishers will be largely on their own when it comes to protecting their mobile apps from reverse engineering, tampering, and other common mobile threats.

What this prediction means: Mobile app developers will need to prioritize application security in the coming year in order to protect their organization and users from a growing mobile threat landscape.

At Guardsquare, we're committed to helping mobile app developers implement security measures to protect their companies from cyber threats. Our multilayered approach to mobile application testing, application hardening, and threat monitoring ensures mobile apps have  protection that goes beyond the security capabilities of iOS and Android.

##

ABOUT THE AUTHOR

Ryan Lloyd, Chief Product Officer, Guardsquare