
6 Mobile Application Security Techniques

Six questions to ask yourself or your development team to make sure you are taking mobile security seriously.

Annika Hey

Design Principal

Securing mobile apps is complex, especially when sensitive data needs to be stored locally on the mobile device. Security is one of the most critical characteristics of mobile apps in verticals such as financial, insurance and healthcare. In many instances, mobile apps must adhere to a variety of privacy standards (FDA, HIPAA, etc.) and often require offline capabilities and online network communication, whether on a small-scale network, the cloud or the web.

Audit your mobile application security by asking yourself (or your developer) these six questions:

Secure application integrity

1. Do you obfuscate the binary executable file as part of the build?

The compiled binary can be obfuscated to make it more difficult to decompile and reverse engineer, using tools such as ProGuard (for Android). For the iOS platform, a different technique can be applied: rename strategic class and method names as part of the preprocessor phase (e.g. PersonalData -> NSNumber_Extension), enable deployment post-processing, and strip linked products to hide the important parts of the code.

2. Are app integrity checks performed during runtime?

Repackaging is often used by a malicious attacker to trick users into providing private information or into installing malware. By comparing the signature with which the application was signed against the expected signature, we can determine at runtime whether or not the app has been compromised. In addition, you can checksum your binary: put a well-hidden MD5 hash (preferably a salted hash or double-hash) somewhere in your app, which makes it more difficult for a potential attacker to work out how to produce the correct hash. Where you store it does not matter, as long as it is not in the binary itself. Then set up a script that regenerates the hash at every build (i.e. whenever your binary changes). In your code, check the stored hash against the binary. If they differ, the binary has been modified, and the app should display an error message asking the user to re-download it.
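A build-time and run-time version of the binary checksum described above, as an added example that is not code from the original post: the build script computes a salted double hash of the binary and stores it outside the binary, and the app recomputes and compares it at start. SHA-256 stands in for the MD5 named in the text, and the binary bytes are a constructed sample; an attacker who can patch the binary can also patch this check, so it is a deterrent layered under the signature check, not a guarantee.

```python
import hashlib
import hmac
import os

# Constructed stand-in for the compiled app binary. A real build script
# would read the produced APK/IPA from disk instead.
BUILD_OUTPUT = b"\x7fELF constructed sample of compiled app code"


def build_time_hash(binary: bytes, salt: bytes) -> str:
    """Run by the build script: salted double SHA-256 of the binary.

    The result is stored outside the binary (e.g. served by the backend
    or kept in a separate resource), so re-hashing a modified binary
    does not by itself yield a matching value.
    """
    first = hashlib.sha256(salt + binary).digest()
    return hashlib.sha256(salt + first).hexdigest()


def verify_binary(binary: bytes, salt: bytes, expected_hex: str) -> bool:
    """Run at app start: recompute the hash and compare in constant time."""
    actual = build_time_hash(binary, salt)
    return hmac.compare_digest(actual, expected_hex)


def demo() -> tuple[bool, bool]:
    """Returns (untouched_binary_passes, patched_binary_passes)."""
    salt = os.urandom(16)  # regenerated by the build script on every build
    expected = build_time_hash(BUILD_OUTPUT, salt)

    untouched = verify_binary(BUILD_OUTPUT, salt, expected)

    # Simulate a repackaged build: a single byte of the binary differs.
    patched = bytearray(BUILD_OUTPUT)
    patched[5] ^= 0x01
    tampered = verify_binary(bytes(patched), salt, expected)

    return untouched, tampered


if __name__ == "__main__":
    ok, modified_passes = demo()
    print("untouched binary accepted:", ok)          # True
    print("modified binary accepted: ", modified_passes)  # False
```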

Secure locally stored data

3. Does your app encrypt its local storage?

A best practice to ensure locally stored data is not readable on a compromised device is to encrypt it with AES, DEC or another standard encryption algorithm. SQLite local databases can be encrypted on iOS and Android, both at the file level and at the individual data field level; a popular open source library for file-level encryption is SQLCipher. A unique private key for the encryption should be generated dynamically for each device rather than hardcoded in the source code, to minimize the risk of the key being recovered by decompiling or reverse engineering the mobile app executable. Be aware that the tradeoff of any encryption is increased code complexity and more intensive processing on the device, which impacts performance and battery life.

4. Is compromised local data being detected by the app?

Mobile apps cannot detect when local storage is being read by an external entity on a compromised device. However, one can detect that local storage has been compromised by accessing the encrypted files from a separate application process that is signed with the same signature as the main application. Additionally, data field checksums generated with MD5 or SHA1 can be used to invalidate a data file if it has been modified by unauthorized code.

Secure data transfer

5. Do you use a secure connection to access APIs or data sources?

Always transfer data to and from external services and the cloud over HTTPS. Furthermore, to secure serial communication, a best practice is to encrypt and decrypt every data packet at runtime with a standard encryption algorithm such as AES or DEC.

6. Does the app session expire?

Access to remote data should expire after a certain period to protect the data in the event a user leaves the device unattended. This feature is available for all mobile development approaches. For native apps, it is possible to detect when the app is suspended in order to terminate the session and require the user to authenticate the next time they launch the app.

A few additional techniques for maximizing security are worth mentioning:

  • Preventing the mobile app from running on a jailbroken/rooted device
  • Preventing taking screenshots of the app screens
  • Detecting if the application is running on an emulator
  • Restricting debuggers

Overall, there are multiple approaches to securing mobile apps, and each one comes with pros, cons and risks. Understanding the implications of each technique is essential for a solid mobile strategy. MentorMate uses an extensive knowledge base and continuous research on ever-changing mobile platforms and development frameworks to provide strategic IT and technology consulting services that help companies adopt mobile and minimize risks.

Image Source: Unsplash, Siarhei Horbach

Tags
  • Mobile
  • Quality Assurance
  • Development
  • Security
Copyright © 2023 MentorMate, Inc.