The following steps will help you "Win" at Mobile App Security.
Step-by-step guide
- Reduce the number of P1 issues to zero
  - P1 issues are those that allow remote attackers to export data. As a golden rule, we do not want any P1 issues on public apps, because they directly impact the safety of end-user data.
- Reduce the number of App Store/Google Play blockers to zero
  - Both Apple and Google publish a short list of security criteria that every app on the App Store or Google Play must meet. While the list may not be enforced very often, both companies clearly state that an app's updates can be blocked if any of the store's security criteria is not met. To ensure your app is not at the mercy of Apple and Google, reduce all app store blockers to zero.
- Open Source Software/SDK issues (OSS/SDK)
  - Any open source library or SDK has total control over your app's data, including the TLS sessions connecting the app to server-side APIs. While iOS and Android sandbox each app from the others, there is no sandbox between your app and the third-party libraries or SDKs it bundles. For this reason we recommend that the security team carefully review each OSS/SDK. If an OSS/SDK has a security or privacy issue that does not comply with your policies, it should be removed or updated as soon as possible.
- Regulatory compliance issues
  - Compliance and standards issues can often have a worse impact on your apps than P1 or blocker issues; we therefore recommend reviewing each compliance policy your organization must adhere to and closing those items as soon as possible.
- App Protection
  - App Protection allows security and risk management teams to build proactive security measures directly into mobile apps, reducing the product's overall attack surface. Protecting your apps with well-known and respected security measures not only gives them a long-term advantage against current and future security vulnerabilities, but also shows end users the organization's long-term commitment to mobile application security.
  - To show your customers your commitment to security, ensure your app appears on the App Protection Leaderboard:
    - Login → select app → App Protection (scroll to the bottom of the screen to see the leaderboard)