Mobile Developers Follow Mandated Security Protocols

Fifty-seven percent of mobile developers worldwide follow government mandated security protocols, an Evans Data survey said.

mobile app dev

While software development and security do not always go hand in hand, mobile developers tend to follow security protocols as a necessity, a recent study finds.

Security has long been a top issue for mobile development, but an Evans Data survey of mobile developers worldwide shows that 56.7 percent are following security protocols mandated by their governments.

This is especially true in North America, where 67 percent use protocols that the federal government has specified for authentication and digital signatures. Use in Asia was only slightly less while only a third in Europe, the Middle East and Africa (the EMEA region) follow government guidelines.

The most common potential security issues that developers have encountered in the last year are authentication without using HTTPS, and weak server side controls—both cited by 43 percent of the developers polled. In the United States, the Office of Management and Budget (OMB) guidelines advocate use of HTTPS for authentication, but those guidelines do not necessarily apply to non-government sites. For enterprise developers, data leakage and network-level security issues compete with data tampering in transit as issues.

"Security is critical today in all forms of software development, but there are more vulnerabilities when it comes to mobile," Janel Garvin, Evans Data CEO, said in a statement. "Encryption during transport over the network is one of the issues peculiar to mobility that is particularly of concern to developers, but so is encryption for data at rest on the device. As mobile devices become the de facto standard for the client, these issues have become more pressing."

The Evans Data survey focuses on a wide range of topics related to mobile development, including the use of APIs; monetization; development for Android, iOS and Windows Phone; carriers; mobility in the corporate enterprise; design practices; wearables; and the Internet of things and cloud in mobile development. The study was conducted worldwide with professional software developers active in development for mobile devices and provides a margin of error of 4 percent.

An Evans Data survey from November showed that the quality, expense and risk of discontinuation are major factors in developers' adoption of various cloud offerings. Thirty-eight percent said the "risk of using subscription tools or PaaS [platform as a service] that becomes discontinued" is the biggest barrier to using a particular vendor's cloud tools and PaaS offerings for development.

In a related issue, 48 percent of the cloud developers said that development tools are the top expense of cloud offerings once money and ramp-up time are both considered. In addition, respondents said that "quality of tools" is the one thing that should be most improved in vendors' PaaS offerings.

"For the developer, the tools that he has access to for work in the cloud are of paramount importance," Garvin said in a statement. "Providing high-quality tools and SDKs are a crucial part of a PaaS, but all the offerings have to be of good quality and vendors need to provide some kind of guarantee that the work involved in ramping up to use a new tool won't be lost later by the vendor discontinuing that tool and pulling it off their PaaS."