Securing your mobile apps: six priority areas | KPMG | BE

The pace at which mobile apps have permeated into our everyday lives is astonishing. It has, after all, been less than five years since Apple* opened the first app distribution service and, already, apps have become a critical and ubiquitous aspect of most people's everyday lives.


In 2009 – just one year after the first mobile apps were put onto smartphones – users downloaded more than 9 billion of them [1]; two years later that number had more than tripled to 29 billion. Pundits suggest that 2015 will see the number soar to 183 billion [2].

This is not all Angry Birds and restaurant reviews; many enterprises have also found apps to be a valuable tool for enhancing productivity, driving mobile adoption and increasing efficiency. The trend is set to continue; according to the researchers at Gartner, almost nine in ten enterprises will likely support corporate applications on personal mobile devices by the end of next year [3].

A new and flexible model for development

In part, this is because app development offers organizations a new and different model for delivering IT support and services. Rather than spending two or more years developing a near-perfect piece of software, apps are developed in a more iterative fashion where improvements and new functionality are bolted on as they are demanded or developed.

This is both a good and a bad thing. On the one hand, this development style allows for greater flexibility, faster development time and a greater ability to make changes or fix bugs as needed. It also means that opportunities for competitive advantage can be capitalized upon as soon as they are identified.

At the same time, however, the approach creates new challenges, particularly for risk managers, security leaders, executives and even the developers themselves. For one, an application that is rushed to market too early may meet with negative reviews and fail to ever gain sufficient traction. Too many upgrades and fixes also carry the potential for overwhelming devices or soaking up valuable bandwidth.

The imperative of rigorous testing

The greatest challenge, however, relates to security and resilience. Indeed, with applications now holding increasing amounts of our personal and mission-critical enterprise data, the ability to adequately test mobile apps has become a vital capability for software developers and enterprise risk teams alike.

But interestingly, many mobile apps seem to enjoy a veritable 'free pass' when it comes to testing, particularly when compared against the rigorous risk testing and resilience planning that once defined enterprise software development.

Key areas of focus for testing

In our experience, mobile apps – whether in the consumer or the enterprise market – should undergo rigorous testing against six key criteria:

  • Interoperability – With the potential for numerous applications and services running simultaneously on a mobile device, testing must address how the mobile application responds when other services are active.
  • Recoverability – Mobile app testing should consider a range of potentially unexpected events that may occur such as power limitations, faulty devices or platform failures – particularly since modern mobile operating systems tend to do a poor job of managing concurrent services and applications.
  • Efficiency – While today's mobile devices boast a myriad of power-hungry components including GPS, multiple network radios, and video cameras, some providers may not offer sufficient battery capacity in their devices to consistently power these components, making the efficiency of power consumption a critical testing point.
  • Security – All too often, mobile apps rely on unsecure connections, store data unencrypted, or allow direct access to data through an unsecure interface. Testing should address these potential security issues through the use of application and network security testing tools.
  • Fault tolerance – Since mobile devices are (as the name suggests) mobile, they are exposed to a litany of new problems such as suspended connections, varying network strengths, or the temporary loss of a GPS signal.
  • Usability – Given that user experience of the application differs by device, and that enterprise users are increasingly being encouraged to bring their own devices to the office, mobile app testing must account for the wide variety of devices that may be used.

Putting testing at the forefront

The bottom line here is that testing cannot be an afterthought for application developers and enterprise risk managers. Indeed, organizations must take a risk-based approach to help ensure the success of their mobile apps in the marketplace.

To achieve this, new testing techniques and tools will be needed to help companies quickly develop and redesign secure, stable, functional mobile apps. Such techniques and tools must – above all – help risk managers and developers to manage and mitigate the business and operational risks specific to mobile apps.

By Christopher Ammann and Ryan Burns, KPMG in the US

Footnotes

* Apple is a trademark of Apple Inc., registered in the U.S. and other countries.

1. ABI Research, Mobile Applications Market Data January 2012.

2. IDC Press Release, "IDC Forecasts Nearly 183 Billion Annual Mobile Downloads by 2015: Monetization Challenges Driving Business Model Evolution", Jun 28 2011.

3. Gartner, Inc.; Gartner's Top Predictions for IT Organizations and Users, 2011 and Beyond: IT's Growing Transparency, 23 Nov 2010.
