Blog

Solving the Gaping Security Hole Plaguing All Mobile Devices

Nikfar Khaleeli | Sep 30, 2019

Solving the Gaping Security Hole Plaguing All Mobile Devices

Read any of the scores of columns or tip sheets on the “Top 5 BYOD Mistakes” to avoid, and app-level
security is scarcely mentioned. That’s surprising because surveys show, over and over, the primary
reason for app-level security is uncertainty over the ability to protect data flowing to and from personal
devices. 

Breaches of mobile phones have become legendary. A security flaw with an Android mobile operating
system was reported earlier this month to have left over a billion Samsung, Huawei, LG and Sony
smartphones vulnerable to cyberattacks. Researchers from Check Point said that “a remote agent can
trick users into accepting new phone settings that, for example, route all their Internet traffic through a
proxy controlled by the attacker.”

“The large majority of mobile application developers spend their time and money hoping to dazzle their
customers with bells and whistles, not on protecting those customers,” noted a writer in Security
Boulevard. “Their apps are feature rich and security poor.”

App-Level Security is Critical

With the recent spate of mobile phone breaches, it’s just now coming to light that encryption provided
by a device’s OS is not enough to protect the data on those devices. Think of it this way: OS-based
encryption, once hacked, can leave both apps and data on the phone open to intruders.

Thus, app-level security is becoming commonplace, and just in time. It provides an additional layer of
security, should the device encryption itself be hacked. That’s an advantage for both a corporate-
managed device, which already incorporates an MDM profile, or for a BYOD device.

But is it enough to secure an app once and apply that security each time a new device with that app is
provisioned? In fact, it’s not. The app must be secured again every time it’s updated – or when the
underlying OS is updated. That’s true for all mobile devices, whether they are enterprise-sanctioned and
controlled devices or BYOD devices.

No-Code Automates Integration of App Security

With app updates, OS updates, new apps and increases in the numbers of devices accessing corporate
network, the effect is like a one-two-three-four punch to organizations just trying to keep up. Add that
to the growing shortage of software developers! Although it’s easy to claim there’s a single solution to
the problem, one thing is becoming clear: no-code integration of app security is reducing the pain to a
routine task of provisioning devices.

Developing code without actually writing code can accelerate go-live substantially. It allows the
integration of essential policy compliance services into mobile apps – even on unmanaged devices –
with no need to write or maintain integration code.

A no-code security integration solution can eliminate the errors that are the bane of developers who are
charged with implementing app-level security. And no-coding can automatically embed military-grade
encryption that ensures corporate data is always safe, even when the device isn’t under enterprise
controls.

“Many frameworks exist for mobile platforms that cover security concerns and allow developers to
abstract themselves from some of the more challenging decision/implementation woes,” according to
Security Boulevard. While that’s true, written between the lines is this: mobile developers just want to
focus on innovation, not on the drudgery and risks inherent in mobile app security integration. For those
developers, no-code security integration is quickly becoming a standard.

Let's Stay In Touch

All our latest content delivered to your inbox a few times a month.

Blue Cedar

Copyright © 2019 Blue Cedar. All Rights Reserved. | Privacy Policy Various trademarks held by their respective owners.

Blue Cedar

325 Pacific Avenue, San Francisco CA, 94111
Phone: (415) 329-0401

Payment Method: All Major Credit Cards and Checks