About 44 percent of the apps determine the user's location when localization is activated. Still, 8 percent regularly access the address book and transfer the data, without asking, to a server on the Internet. The third category, the unintentionally dangerous mobile applications, consists according to Henze especially of those brought to market under high time pressure and without clearly specified security requirements. “They follow a well-intentioned approach but have significant weaknesses in the implementation.” The security professional sees the reason especially in the commissioning by marketing or business departments. “Functionality and design are in the foreground, while security is often neglected.” In addition, he observes that the development of apps is often transferred, for cost reasons, to programmers in countries with lower sensitivity to security and data protection. Another reason is that, in ignorance of potential security risks, program parts from already existing apps are merged to minimize the development effort.
Development assistance for secure programming
TÜV TRUST IT took this situation as the occasion to develop practice-oriented development principles for mobile applications. They are a component of the AppChecker, a solution for the systematic identification of security-critical applications on mobile devices. Its central element is a testing framework that identifies all relevant threats in and by apps on a mobile device. Test criteria are applied in conjunction with an individually defined corporate risk profile: for example, the network traffic of the respective apps is determined, and the apps are tested for hidden features that give unauthorized access to mobile data. Geolocation that is unnecessary for the app and missing data encryption are also tested for. The semi-automated analysis is carried out by means of the test engine's knowledge base as well as through additional manual tests. As a result, the tested apps are placed on whitelists and blacklists according to their degree of risk. “With the additional development framework, we aim for the right choices to be made already at the beginning of the development project,” Henze said.
It is based on a threat model. Behind this is a methodical threat analysis with which all risks to data protection and data security in and through the apps can be identified. For each threat, generic measures and platform-specific development notes are stored, worked out down to code level. Developers thereby gain a tool for creating secure and trusted apps. After a positive audit by TÜV TRUST IT, a “TÜV trusted” certification can also be obtained, so that enterprises can give their users objective proof of security. So far, the policy tool takes into account the four most popular mobile platforms: Apple iOS, Android, BlackBerry and Windows Phone. At present it is being extended for the Windows Mobile 8 platform.