Key Data Privacy Considerations in Creating Web and Mobile Apps
The app economy is booming. As of 2017, there were over 2.8 million apps available for download from the Google Play Store. The Apple App Store boasts over 2 million apps. With the smartphone explosion, apps have carved out a permanent place in our lives. With this growing acceptance of mobile apps, the enterprise too has become ‘appified’. According to the “Mobile Enterprise Application Market by Software (Accounting & Finance, ERP, Communication & Collaboration, and CRM), Operating System (Android, iOS and Windows), Type of App, Organization Size, Industry Vertical and Region – Global Forecast to 2021” report, the mobile enterprise application market is expected to grow to USD 98.03 Billion by 2021 from USD 48.24 Billion in 2016. That’s a compound annual growth rate of over 15% from 2016 to 2021. There are many reasons for this appification of the economy: greater smartphone adoption, better connectivity, growing demand for real-time information capture (and the consequent push by organizations to make their processes mobile-ready), and a growing mobile workforce are all compelling drivers.
The growing use of smart devices and mobile applications also brings a corresponding rise in data volumes. Given the very nature of most apps, personal data is collected from them for the software to function as designed. As more and more data is captured to make apps hyper-personalized, there are increased calls to focus on data privacy. The introduction of GDPR, the European online data privacy law that is expected to come into full effect in 2018, is a significant step in this direction. Under this law, organizations and entities seeking personal data have to explicitly inform the user exactly how that data will be used and what will happen to it. This means that people will have a better idea of how their data is processed. They will also have the ‘right to be forgotten’, along with being proactively informed in the event of a serious data breach. The General Data Protection Regulation (GDPR) framework is a solid step toward solidifying data protection for all individuals. Mobile and web app development companies thus have to significantly expand their efforts to make apps that are GDPR compliant. This means stronger encryption algorithms, protocols for single sign-on such as OAuth, enforcing secure communication using HTTPS, and all other relevant steps.
Given this greater focus on data security and data privacy, and as apps become an integral part of enterprise operations, mobile and web app development companies have to look at ways to enhance the security layer of these applications. Application architects and designers thus have to design web and mobile applications with security at the beating heart of the entire development effort. This means error-free and vulnerability-resistant code, and a strong emphasis on testing, especially security testing.
Apart from having the required Intrusion Detection and Intrusion Prevention Systems, in today’s app economy it has become essential for organizations developing web and mobile apps to place security testing at the core of their development process. This approach ensures that flaws and vulnerabilities are exposed during development itself. It is also imperative to ensure that data functionality is optimal, maintaining operational capabilities without exposing the application to vulnerabilities or malicious attacks. Tests such as vulnerability scanning, penetration testing, security risk assessment, ethical hacking, access control testing, and security scanning may have to be performed. The need is to test in a robust and judicious manner to prevent customer data from being compromised in any way during usage. At the end of the day, app developers have to be creative in their attempts to “break into” their own apps. This is all about the many ways in which application data can be manipulated: all possible vulnerabilities must be identified and all forms of risk assessed. Finding the vulnerabilities is an essential first step before identifying ways to boost the security of the application and the data that resides within it.
Given the dramatic increase in the complexity and sophistication of mobile malware, organizations in the web and mobile application development space have to dramatically alter their way of thinking to stay ahead of those creating such malicious code. They must implement strong security layers while ensuring compliance with regulatory security requirements. Today, as Bruce Schneier says, ‘security is not just a product, but a process’. It’s hard to disagree!