Simplifying app security: what are the best app security measures for you?
by John Barker-Senior Consultant|Tue Dec 10 2019
In our penultimate instalment of our “Simplifying app security” series by Senior Consultant John Barker, we cover how to define the best app security measures for your app – what’s recommended, what’s essential and what’s totally dependent on your solution. If you’ve missed the other articles so far, start here.
In an ideal world, you’d use every security measure available to you.
But in reality, that just isn’t feasible – or necessary, in a lot of cases.
Even the best app security measures on the market will impede the user experience in some way, so the more checks and restrictions you have in place, the more frustrated your users will become.
Today’s blog post will serve as a guide to the kind of security features we recommend, the ones we don’t always use and why – hopefully, it will help you decide on the best app security measures for your solution…
Security measures we recommend
Biometric Identification
What is it?
UX impact?
Input Validation
What is it?
UX impact?
At Rest and In Transit Encryption
What is it?
UX impact?
Scrambling
What is it?
UX impact?
Android Protection
What is it?
UX impact?
Android Obfuscation
What is it?
UX impact?
Security features that depend on your app
Pinning
What is it?
Why might we use it?
What’s the compromise?
Tokenisation
What is it?
Why might we use it?
What’s the compromise?
Jailbreak Detection
What is it?
Why might we use it?
What’s the compromise?
Tap-Jacking for Android
What is it?
Why might we use it?
What’s the compromise?
What are the best app security measures for you and your app?
The ones listed above in the recommended section are pretty set in stone – any app developer worth their salt should suggest implementing these to you.
But when it comes to some of those additional ones, which potentially impact on the performance of the solution or its popularity with users, how do you define what the best app security measures for your app are?
The main question we always ask our clients to consider is: “What kind of security would the app’s users be expecting?” Too high or too low, and users will stop using your app.
Of course, another key consideration from this is whether you’ve thought about how your app will be used and what security implications that could have – a topic I’ll cover in the final blog post of this series.