5 ways to ensure your app is secure

Published: 5-Mar-2018

Paul Swaddle, co-founder of Pocket App, offers five top tips for app security

The health service is increasingly using mobile apps to provide better patient treatment and engagement. But many developers get so wrapped up in making their solutions as accessible or as attractive as possible that they don’t focus on security. In this article, co-founder of Pocket App, Paul Swaddle, gives five key security measures he has used when successfully securing mobile apps.

For healthcare organisations, digital security is a major concern, with a variety of cyber attacks designed to cost them millions of pounds and break trust with patients.

Security is not something needed solely for computers and data centres, but for any electronic device, especially those with internet connections.

So, of course, mobile applications fall under this as well.

Making sure your app is secure is much more complex than coming up with the app idea.

One mistake can cause significant trust issues, and the responsibilities under GDPR are onerous.

Thankfully, external companies dedicated to making mobile apps for public sector organisations have danced with this issue for years and have developed enough experience to know what works.

Here are five key security measures I have learnt over the years.

1. Start at the beginning

Security of an app is just as important as the design and features, so don’t think it’s OK to add it on at the tail-end of development.

The security of the app’s code needs to be kept in mind from day one and be made as tough as possible.

It is standard practice for the code to be obfuscated. This way any hackers will have a tougher time trying to break through and may give up.

It is also important, though, that code is modular so it can easily be patched or changed at a moment’s notice.

If the app’s direction changes mid-development the security team need to be made aware and may need to overhaul parts of the code and architecture.

So, both flexibility and difficulty of the code are needed, and the easiest way to achieve this is to make sure security has been developed alongside the app since day one.

2. Only trust what you created

There are some cybersecurity solutions out there that just work and plenty of these are being sold to developers to make their lives easier.

While buying sections of code from third parties does allow for faster development times, it also increases the risk of security issues.

If any third-party code does get used, it needs to be thoroughly tested and understood by both the security team and the coders to make sure it has no fatal flaws sitting there out of view.

Exercising caution is the name of the game, and if you can make it yourself that may be the better choice.

3. Authorise your API

An API is an essential part of the behind-the-scenes programming, but it’s important to make sure the API is secure and tightly coded.

APIs are needed in development, but depending on how they have been authorised they can also be a simple entryway for hackers.

We recommend authorising the API centrally rather than locally for maximum security.

4. Keep it limited

It may come off as paranoid, but do not trust anything in your app’s security. Always assume that any feature added, any additional code needed, any network your app connects to, is a security risk and so needs to be secured.

One way to keep the risk at bay is to severely limit what the app can access.

If it is not an absolute necessity, then do not give it access. Examples of this include avoiding unnecessary network connections and not giving the app access to device features it does not need (i.e. a camera or microphone).

Each connection is another entryway for hackers, so eliminate as many as possible.
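One way to enforce this limit at build time, shown as an added example that is not code from the article or from Pocket App. It assumes an Android app; the sample manifest, package name and approved list below are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest for a hypothetical appointment-reminder app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.reminders">
    <uses-permission android:name="android.permission.INTERNET" />
    <uses-permission android:name="android.permission.CAMERA" />
    <uses-permission android:name="android.permission.RECORD_AUDIO" />
</manifest>
""".strip()

# Assumption: permissions the team has reviewed, each with its justification.
APPROVED = {
    "android.permission.INTERNET": "fetch appointment times from the API",
    "android.permission.POST_NOTIFICATIONS": "show reminder notifications",
}


def requested_permissions(manifest_xml):
    """Collect every permission the manifest asks for."""
    root = ET.fromstring(manifest_xml)
    names = set()
    # uses-permission-sdk-23 also grants access, so both tags are checked.
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                names.add(name)
    return names


def audit_manifest(manifest_xml, approved):
    """Return sorted findings; an empty list means the manifest passes."""
    requested = requested_permissions(manifest_xml)
    findings = ["unapproved permission: " + p for p in requested - set(approved)]
    # An approval nothing uses any more should be withdrawn, so the
    # allowlist shrinks along with the app.
    findings += ["stale approval: " + p for p in set(approved) - requested]
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_manifest(SAMPLE_MANIFEST, APPROVED):
        print("FAIL:", finding)
```

Run as a CI step against the real manifest, a non-empty result blocks the build until someone either removes the permission or records why the app needs it.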

5. Time for a test, again!

Much like the fourth point, paranoia is a good thing when it comes to digital security. If you believe that any part of your app can be a threat, then test, test and retest it all throughout development, and even beyond.

Sometimes just adding a simple new feature or option can cause a ripple effect that opens an entryway for a malicious hacker. So test everything and never stop – this includes performing Q&A and getting customer feedback.

You can never be too secure when it comes to digital security, and with the large consequences that come from being unprotected, it is better that enterprises stay safe rather than play a high-risk game.
