ENISA issues Smartphone Development Guidelines

The document is written for developers of smartphone applications as a guide for developing secure mobile applications and defending against mobile attacks.

Every day, new applications are built for different mobile platforms, bringing along also new attacks.

Poorly built applications could lead to a data theft and/or financial loss[1] . To secure end users, and to ensure safe and secure communications, security of mobile applications is one key priority for mobile application developers.

Following the success of the first edition of the Smartphone Development Guidelines, ENISA publishes an update to the document, and adds new sections to address recent developments, such as the use of biometric sensors, application integrity, and client side injections.  The guidelines aim to cover the entire spectrum of attacks which developers of smartphone applications should consider when building mobile apps. These include:

• Identify and protect sensitive data
• User authentication, authorization and session management
• Handle authentication and authorization factors securely on the device
• Ensure sensitive data protection in transit
• Secure the backend services and the platform server and APIs
• Secure data integration with third party code
• Consent and privacy protection
• Protect paid resources
• Secure software distribution
• Handle runtime code interpretation

In addition, new sections have been added to cover new attacks, abusing biometrics and clients:

• Device and application integrity
• Protection from client side injections
• Correct usage of biometric sensors

Full report is available online

For interviews and press enquiries please contact [email protected] Tel. +30 2814409576

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS