Mobile Developers Follow Mandated Security Protocols
Fifty-seven percent of mobile developers worldwide follow government mandated security protocols, an Evans Data survey said.While software development and security do not always go hand in hand, mobile developers tend to follow security protocols as a necessity, a recent study finds. Security has long been a top issue for mobile development, but an Evans Data survey of mobile developers worldwide shows that 56.7 percent are following security protocols mandated by their governments. This is especially true in North America, where 67 percent use protocols that the federal government has specified for authentication and digital signatures. Use in Asia was only slightly less while only a third in Europe, the Middle East and Africa (the EMEA region) follow government guidelines. The most common potential security issues that developers have encountered in the last year are authentication without using HTTPS, and weak server side controls—both cited by 43 percent of the developers polled. In the United States, the Office of Management and Budget (OMB) guidelines advocate use of HTTPS for authentication, but those guidelines do not necessarily apply to non-government sites. For enterprise developers, data leakage and network-level security issues compete with data tampering in transit as issues.
"Security is critical today in all forms of software development, but there are more vulnerabilities when it comes to mobile," Janel Garvin, Evans Data CEO, said in a statement. "Encryption during transport over the network is one of the issues peculiar to mobility that is particularly of concern to developers, but so is encryption for data at rest on the device. As mobile devices become the de facto standard for the client, these issues have become more pressing."