Rethink Your Approach to Secure Mobile Application Development

Five reasons why you should develop and test on a virtual hardware platform.

Mobile devices, and the applications that run on them, are more embedded into business-critical workflows than ever before. Yet the security of the applications running on these devices is questionable. Researchers found that in the official Android store, the Goldoson Android malware, which can collect data on installed apps, WiFi and Bluetooth-connected devices, was detected in 60 legitimate apps with 100 million collective downloads. Additionally, according to a recent Verizon survey of enterprise organizations, 59% of IT leaders allow employees to access work email from their personal phones/devices, increasing the risk of a compromised mobile application affecting their organization.

Mobile devices are an attractive target for many reasons, in part because the applications that run on them have access to sensitive data, which can be profitable. This risk is so critical that the Open Worldwide Application Security Project (OWASP) Top 10 Mobile Risks for 2024 list of vulnerabilities includes insecure data storage. Organizations that develop and deploy mobile applications for their employees, customers, and partners need to ensure thorough testing of their mobile applications.

Building with data security and compliance in mind, particularly in highly regulated industries, is critical. The risks are significant. There is a delicate balance between developing mobile applications at the speed of the market and building them securely. A data security compromise can lead to loss of business, reputation, and significant legal penalties for compliance violations and class action lawsuits.

Much of the challenge around building security, particularly data security, into mobile application development cycles is due to the time and cost to perform deep security testing on jailbroken or rooted devices. It is critical to test using these devices to understand how application data is stored and could potentially be exploited. In addition, building, testing, and enabling security for mobile apps is often a siloed process with limited visibility.

Developers, testers, and security teams each use their respective tool stack, and sharing information is a manual, time-consuming process. Moreover, mobile application security testing tools alone are not sufficient for testing for mobile application data security and compliance. However, there is a better way, and in this blog series we’ll cover 5 reasons why you need a virtual hardware platform.

Reason #1 Physical Devices Are Time Consuming and Have Limitations 

Organizations try to solve the challenge of building and testing secure mobile apps by buying and bringing a few mobile devices in-house to test during the development process. However, mobile devices are expensive to procure, difficult to maintain, and introduce long wait times and delays in the development process. The procurement of a physical device is costly financially and resource-wise. The use of physical devices can add days of time to the application development process since the team must spend cycles waiting for procurement and budget approval, shipping time, and configuring and setting up the devices before testing can occur. This method just isn’t scalable for testing in a large enterprise with a large volume of applications. The logistics of shipping devices between members and locations cause delays in application development, and securely managing sensitive data on the device also adds a layer of complexity.

There is also the complexity of keeping up with constant testing on the latest mobile device models, which can get costly, especially if multiple devices are needed for testing. And there is also the decision of how many models and which ones to procure to ensure thorough testing. By the end of 2024, Apple had launched 46 distinct iPhone models since 2007, and Android’s approach has resulted in thousands of vendors offering tens of thousands of Android devices. Physical devices have to be managed individually, so testing across multiple configurations requires additional effort, and once devices are purchased, they also require time-consuming maintenance including updates and hardware repairs.

However, the even more significant time allocation for physical devices is the time spent on device configuration, jailbreaking or rooting, and setup. Mobile application security testing is allocated a finite window of time, so every hour is critical. Setting up complex network security testing, or rooting or jailbreaking to remove restrictions from a device so apps can be installed and tested, takes time away from doing exploit and vulnerability testing of the application. Additionally, devices that run iOS continue to be made more secure and more difficult to jailbreak.

Want to get the rest of the reasons to switch to a virtual hardware platform? Click here to download

Interested in seeing how a virtual hardware platform can transform your mobile app development? Click here to get a free trial.