Charlie Fairchild, senior Android developer at WillowTree Apps, writes in a column for InformationWeek that developers should be aware of five security dangers when creating apps:

1. Insecure data storage: Design apps in such a way that critical information such as passwords and credit card numbers does not reside directly on a device. If it does, it must be stored securely. For iOS, passwords should be stored within an encrypted data section in the iOS keychain. For Android, they should reside within encrypted storage in the internal app data directory, and the app should be marked to disallow backup.

2. Weak server-side controls: Servers that an app is accessing (whether they're your own or the servers of any third-party system your app may be accessing) should have security measures in place to prevent unauthorized users from accessing data. It's critical that back-end services be hardened against malicious attackers.

3. Unintended data leakage: Use caution when choosing analytics providers and implementing advertising. Watching what, how, when and where data moves can give an attacker a gold mine of information.

4. Broken cryptography: Always use modern algorithms that are accepted as strong by the security community, and whenever possible use state-of-the-art encryption APIs within mobile platforms (think AES with a 256-bit key for encryption and SHA-256 for hashing).

5. Security decisions via untrusted inputs: A mobile app can accept data from all kinds of sources. In the absence of sufficient encryption, attackers could modify inputs such as cookies and environment variables. When security decisions on authentication and authorization are made based on the values of these inputs, attackers can bypass your security.
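
To make item 5 concrete, here is an added example (not from the column) that puts an authorization check trusting a client-supplied cookie beside one that verifies the cookie's integrity first. HMAC-SHA-256 is chosen here as the integrity mechanism; the column does not name one, and the cookie layout, key handling and function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

# Constructed server-side key for the example; a real service loads it from a secret store.
SERVER_KEY = secrets.token_bytes(32)


def _tag(payload: str, key: bytes) -> str:
    """HMAC-SHA-256 over the cookie payload, hex encoded."""
    return hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()


def issue_cookie(user: str, role: str, key: bytes = SERVER_KEY) -> str:
    """Return 'user|role|tag' (hypothetical layout), tag covering 'user|role'."""
    if "|" in user or "|" in role:
        raise ValueError("field separator not allowed in cookie fields")
    payload = f"{user}|{role}"
    return f"{payload}|{_tag(payload, key)}"


def is_admin_unverified(cookie: str) -> bool:
    """Weak pattern: the decision rests on a value the client can edit."""
    parts = cookie.split("|")
    return len(parts) >= 2 and parts[1] == "admin"


def is_admin_verified(cookie: str, key: bytes = SERVER_KEY) -> bool:
    """Hardened pattern: check the tag in constant time before reading the role."""
    parts = cookie.split("|")
    if len(parts) != 3:
        return False
    user, role, tag = parts
    expected = _tag(f"{user}|{role}", key)
    # Compare as bytes so a non-ASCII tag is rejected instead of raising TypeError.
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return False
    return role == "admin"


if __name__ == "__main__":
    genuine = issue_cookie("alice", "user")
    # Constructed sample: role field changed on the client, tag left as issued.
    user, _, tag = genuine.split("|")
    tampered = f"{user}|admin|{tag}"
    print("unverified check grants admin:", is_admin_unverified(tampered))
    print("verified check grants admin:  ", is_admin_verified(tampered))
    print("genuine admin cookie accepted:", is_admin_verified(issue_cookie("bob", "admin")))
```

The verified check still depends on the key staying on the server; anything shipped inside the app binary should be treated as readable by the client.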

For more on these five dangers, including information on how developers can implement protections against these dangers, read Charlie Fairchild's column in full at InformationWeek.
