Don’t Forget Security When Developing Corporate Mobile Apps

With the rise in mobile device usage, bring your own device to work (BYOD), and the Internet of Things (IoT), combined with the decline of personal computers, many corporate leaders believe that their businesses should develop a mobile application, or in tech lingo, an app.

An Appcelerator survey of enterprise leaders released in January 2013 reported that 73% of enterprises built fewer than five applications, and 39% built none or just one. (1) (2)

But does your business really need an app to be competitive, or do you simply want to be able to SAY you have one? Will an app fill a critical hole for your business, or will it add to the IT Department’s list of items to regularly maintain and upgrade? Will an app reduce downtime for employees, provide a tool for customers to better interact with your business, or create an opportunity for innovation? Above all, what would be the security implications of a corporate mobile app?

The midsize market is blanketed by apps that allow industries to be more robust. For example, the real estate industry, the healthcare industry, and the entertainment industry are just a few of the many industries that use mobile apps to be more competitive and offer innovative ways for their customers to access their products or services.

But how does security fit? For purposes of this discussion, let’s assume that you’ve gone through your due diligence and research and developed an app for your business. Now, when someone downloads your app, what type of information are you gathering about your customer? Once the app is downloaded, will it require access to any of the following information: customer name and phone data, Wi-Fi data, location, call history, calendar, contacts, and browsing history? Your business will need a convincing explanation as to why you need any or all of these types of customer data. Since each of these touch points can be manipulated, what will you use the data for?

The question remains about your application code integrity (the computer coding used to build your app). Although this may not be a concern to the end user, do you have adequate change management in place to ensure code consistency and integrity? Since Android has become the biggest playground for hackers, your app must be as bullet-proof as possible before hitting the “market,” whether internal or external. Your code must be checked on a regular basis and updated for flaws.

If developing apps is not your core competency, the process of continuously monitoring your app may not be your first priority. However, this may come back to bite you if the app becomes compromised and your customers’ data ends up on the black market for anyone to buy. And if the data is your internal corporate data, there may be intellectual property or confidential information that may wind up in the wrong hands.

So before you decide to write your first line of code, be sure you have the proper internal change management process in place to fix bugs and keep up with the latest vulnerabilities. Or, in the alternative, you can bypass the creation of a corporate mobile app for the short-term. Without proper policies and procedures, that wonderful idea you have for a corporate mobile app might just bankrupt your business.



(1) Statistics from article, Why Your Enterprise Must Rethink Mobile App Development:

(2) Appcelerator Developer:

Here are some resources to check out before creating an app.

This post was brought to you by IBM for Midsize Business and opinions are my own. To read more on this topic, visit IBM’s Midsize Insider. Dedicated to providing businesses with expertise, solutions and tools that are specific to small and midsized companies, the Midsize Business program provides businesses with the materials and knowledge they need to become engines of a smarter planet.


About Allan Pratt

Technology and cybersecurity professional with focus on tech news, cybersecurity, networking, infrastructure, data protection, consumer electronics, and social media.

2 Responses to Don’t Forget Security When Developing Corporate Mobile Apps

  1. Paylab Plus says:

    Nicely presented and informative!

  2. mickyjames01 says:

    Thanks for sharing such a wonderful resource. I totally agree with your post that mobile application development is a great resource for small businesses and it also offers various advantages.
