Cyber Defense Magazine – August 2019


Security by Design for Mobile Apps


With enterprise becoming increasingly reliant on mobile apps for many of its everyday business
communications, processing sensitive data through these apps could pose a significant risk to data
security. There is a requirement to provide app developers with standards that will achieve security by
design.


By Elisabetta Zaccaria, Chairman, Secure Chorus


With the amount of digital information being transmitted via mobile apps rising at a dramatic rate,
protecting this information from falling into the hands of cybercriminals has become a significant
challenge.


With mobile apps, the data exposure risk stems mainly from the variety of data and sensors held in mobile
devices, the use of different types of identifiers and the extended possibility of user tracking, the complex
mobile app ecosystem and the limitations of app developers, as well as the extended use of third-party
software and services.


These risks mean that there are serious challenges when it comes to implementing core data protection
principles in mobile apps, as stipulated by the EU General Data Protection Regulation (GDPR). The
complexity of the application ecosystem, which includes app developers, app providers and other actors
(operating system providers, device manufacturers, market operators, ad libraries, and so on), is the main
factor that hinders mobile app developers' and providers' compliance with the GDPR, e.g. the requirement
to implement data protection by design and by default during data processing.
