5 Tips To Design Secure Apps For The App Store

If your app gains a reputation for being anything but secure, it is doomed at best and you could face a lawsuit at worst.

Simon Crompton, freelance journalist and entrepreneur; Source: Courtesy Photo

Developing a good iPhone app is never easy, and standing out from a sea of apps in Apple’s App Store can be even harder.

While you may be interested in looking for creative ways to differentiate yourself, don’t overlook the fundamentals (i.e., ensuring your app is safe for end users).

There are those who intentionally riddle their apps with malicious code so they can gain easier access to user data. But even if you don’t have nefarious intentions, you can end up accidentally creating loopholes or other vulnerabilities that hackers can exploit.

If your app gains a reputation for being anything but secure, it is doomed at best and you could face a lawsuit at worst. Unfortunately, there is no way to make any app completely free from security vulnerabilities.

Here are 5 app security tips that every appreneur and developer should keep in mind.

 

1. Don’t keep user data longer than necessary

Last November, Apple banned hundreds of apps from its App Store because a Chinese software development kit called Youmi was used in the apps and collected all sorts of personal data. Many of the app developers had no idea Youmi was a security threat, but that did not save their apps from being blacklisted. Not to mention, nearly half of iOS apps shared users’ location data with third parties.

 

Photo: © GaudiLab, YFS Magazine

Apple has strict rules against apps asking for personal data, and your app should not even come close to the line. If you don’t need the user’s contact data for the app, do not ask for it. And if you do need it, do not keep the data for a second longer than necessary.

 

2. Proceed with caution when using third-party software

While the app developers who used Youmi may have had no idea what it was up to, it was still their fault for not performing due diligence prior to using it. Many hackers will make basic code hoping that lazy developers will just copy and paste it into their apps without checking.

While coding an app from scratch can be challenging, it can limit the potential negative effects of third-party software. If you do use third-party software, check it yourself (or hire someone) to see if there is malicious code hidden inside. Don’t rely on word of mouth and reputation alone as the developers who relied on Youmi did.

 

3. Only accept state-of-the-art encryption

Even if you limit the amount of personal data your app uses, there will still be some data which hackers can access and misuse. Because of this, it is necessary to use strong encryption that will protect app data.

Encryption is a continual war between hackers trying to decrypt and developers trying to protect their software. But just like mobile users should update their phones to protect against hackers, developers need to use the latest encryption. An AES-256 scheme is recommended, and don’t forget to actually protect the key as well.

 

Photo: © GaudiLab, YFS Magazine

How to properly encrypt your apps could be another article in and of itself, but Infoworld offers a fantastic guide with tips that every prospective developer should know about.

 

4. Remember, the buck stops with you

Going over line after line of code to spot vulnerabilities which may or may not exist can be tedious work, and it is far too easy for a development team to ignore such a basic step on the assumption that “someone” will handle it.

As the one who is developing the app, that someone has to be you. Delegate the responsibility of checking for safety if you want, but understand that you have to close the loop with the development team. This means personally chasing up menial tasks such as the roll out of updates, which is crucial to ensuring user security.

The FTC notes in their guide to creating a safe app that “as the developer, you’re the final line of defense.” You are not just the final line, but also the first as you have to make sure that the entire development team is on top of noticing any security flaws.

 

5. Create a user-friendly feedback system

No app is 100 percent secure from hacking. Your app will have security vulnerabilities, and a determined hacker will find some eventually. Because of this, it is important to continuously look for ways to fix holes and release patches on a regular basis.

 

Photo: © StockPhotoPro, YFS Magazine

But how will you know that something is wrong? The best way is to solicit user feedback. Craft a solid user feedback system and don’t hesitate to contact users about any issues or complaints they have with your app. If users notice issues, they can tell you about them and you can craft a patch which will fix the app’s vulnerability. Furthermore, a strong user feedback system has benefits beyond ensuring your app is safe.

 

This article has been edited and condensed.

Simon Crompton is a freelance journalist and entrepreneur running several online businesses including his marketing firm, Threecolors.blue. Simon spends the majority of his time blogging about business startups and consulting on web development. He has launched multiple online companies. He is also a dedicated follower of fashion, and has written for the Financial Times and GQ. Connect with @PermanentStle on Twitter.
