Six Security Properties Every Mobile App Developer Should Know By Heart

Mike Gualtieri

Think you developed a secure mobile app? Think again. Many mobile app developers have a naive notion of app security that leads them to believe their apps are secure when they are not. Some developers authenticate users and encrypt passwords and think that they’re all set, but there could still be security holes so wide you could sail a ship through them. The results of releasing an insecure app can include financial loss, a tarnished reputation, lawsuits, and Twitter shame.

When designing your mobile apps and mobile backend services, be sure to consider the six security properties of confidentiality, integrity, availability, authentication, authorization, and nonrepudiation (see Figure below). Simply considering how each security property applies to your app won't make it more secure. You will need to perform threat modeling on your design and find solutions to secure your app based on your specific technology and use cases. Don't forget that the mobile backend services must be secure too.

Memorize These Six Security Properties 

Mike Gualtieri, Principal Analyst, Forrester Research

LANDesk Acquires Veteran Industrial MDM Provider Wavelink

David Johnson

Watching the Mobile Device Management market is a bit like watching a sneeze. My colleagues Christian Kane and Benjamin Gray are tracking nearly 75 vendors in the space, many of them just a few years old. We've also seen a fresh round of acquisitions as established endpoint management vendors look to shore up their flanks and freshen their portfolios.

Differentiation amongst vendors is hard to come by, as is long-term enterprise MDM experience. And that's what makes LANDesk's acquisition of Wavelink interesting. Mobile Device Management in an industrial or field setting is more than just enforcing passcode restrictions, enabling remote wipe in case of loss, or rolling out software. Companies like Wal-Mart and FedEx have significant portions of their businesses that depend on handheld devices for package delivery, inventory and point of sale. MDM in these settings involves a range of capabilities from diagnosing connectivity and printing issues over the air, to interfacing modern mobile apps to mainframe-based warehouse inventory systems.
 
Perhaps the best way to describe what Wavelink does is "Industrial MDM". They boast 15,000 customers in 85 countries, and have been in the business for several years. The flagship product is called Avalanche, and its historical strengths have been in Windows Mobile environments. They added iOS and Android support a couple of years ago and are about to ship the second-generation release of the same.
 
Why it makes sense for LANDesk:
  1. Competitive: It gives LANDesk the opportunity to own the IP for MDM technology and positions them differently than other MDM solutions on the market given Wavelink's industrial focus.

Impact Of Real-Time Decision-Making With Mobile

Julie Ask

I saw this article today on augmented reality. It doesn't use the phone — it uses Google Goggles, but you can imagine it as an application on a mobile phone.

The AR glasses make the food products you see look bigger through the lenses so users eat less. [See article.] You can imagine more scenarios, though, with a mobile phone along with its processing power and contextual information about the user. If I walk into a sandwich shop, for example, I can scan the options with my phone to find a sandwich that fits my calorie and nutritional requirements. (I spend a lot of time in airports so would love this.) Certainly if I pick up a candy bar, I can read the nutritional information or calorie count.

I go back to trying to answer this question, "how does access to real-time information improve our lives — and not simply addict me to accessing information constantly like checking email or Facebook updates?" Health, wellness, and financial services among others are where I see some bigger opportunities.

Google Buys QuickOffice And Embraces The App Internet

Ted Schadler

Google just bought QuickOffice. I think that means they now get the App Internet and are moving beyond pure Web.

The App Internet is the future of software architecture and the foundation of how people get stuff on their mobile devices (we call that mobile engagement). The App Internet means native (or hybrid HTML5) apps on mobile and desktop devices that use the Internet to get services. It's the native app that makes the user experience good. It's the Internet that makes the user experience relevant to life.

Google has been "pure Web," meaning that they don't want native apps on any device. Of course, they've been moving slowly away from that pure architecture for years now even as their marketing rhetoric has denied it. Remember that when iPhone shipped in 2007 it had a native Google app called Maps on it. And they have readers on their Android devices.

In the meantime, QuickOffice has been growing handily because it gets the App Internet -- any device, anywhere, anytime using a native app. If you want to read or edit Microsoft Office formats on your iPad or Android phone or whatever, you can do it with QuickOffice. That has led consumers and information workers and sometimes entire enterprises (in the case of one life sciences company with 15,000 iPads deployed, for example) to use QuickOffice to access and edit the critical documents they need on their tablets.

What does this mean?

  • For Google, it means they've woken up to embrace the App Internet as the way to deliver great user experiences on mobile devices.
  • For Microsoft, it means Google has done another "embrace and extend" play to take keystrokes away from Microsoft Office. And that ahead of Microsoft's purported but unannounced plans to port Office to iPad.

Hey Developers, Make Your Mobile Apps Blazing Fast

Mike Gualtieri

It’s genetic. Humans want it faster. Evidence abounds: The Speedy Weeny microwave hot dog vending machine, Chuck Yeager’s sound barrier record, techno dance, and don’t forget the T-Mobile girl’s alter ego as a provocative motorcycle speed freak. Zoooom.


What "Design For Mobile First!" Really Means

Ted Schadler

It's been three months since we published "Mobile Is The New Face Of Engagement," and we've learned a lot by listening to CIO customers and industry professionals talk about the stories and strategy of mobile engagement.

The thing that leaves people scratching their heads is the mantra, Design for mobile first! "What does that mean, exactly?" they ask. "Is it about user interface design?" The industry answer is that it's about user experience design, but that's not quite right. Design for mobile first! is really about business design. Let's start with a thought experiment to re-imagine what's possible on a touchscreen device:

Imagine that your service is in your customer's pocket at all times. Imagine what you could do with that honor.

You could serve your customers in their moments of need. You could use data from device sensors and your own data to understand their context, the time of day, where they are, what they did last time, what they prefer, even their blood pressure, weight, and anxiety level. You could design your mobile experience to be snappy, simple, and built around an "action button" to (you guessed it) help them take the next most likely action.

With the right data and predictive analytics, you could anticipate your customer's next move and light up the correct action button before they even know they need it. You could serve them anywhere at any time. Not just give them self-service mobile access to your shrunken Web site or forms-based transaction system, but truly serve them by placing information and action and control into their hands.


Measuring Mobile Success . . . How Is Real-Time Data Making Your Customers Healthier And Happier?

Julie Ask

One of the key things that differentiates mobile phones from any other device is their ability to deliver a constant stream of real-time data coupled with the processing capability to help consumers make a wealth of decisions based on this information. Tablets — we're going to leave home without them, and the majority of connections are over Wi-Fi. Wearable technology collects real-time information and may have applications/display, but we aren't yet seeing devices with the same flexibility as the phone. The highly anticipated Pebble may yet be the device, but for today, it is the phone. (My colleague Sarah Rotman Epps writes a lot on these devices — see the rest of her research for more information.)

With that fact established, my open question is, "Who is making my life better with this ability to process information near instantaneously to help me live a better, healthier life . . .  or at least how I choose to define it?" I think the key to measuring mobile success must lie here — from the perspective of the consumer first before mobile will deliver huge returns in the form of revenue or lower operating costs.


The New Design-Driven Development Landscape

Michael Facemire

How did we get from single-channel desktop apps…

In the not-too-distant past, web-centric software development had a standard workflow between designers and developers. This was possible because there was a single delivery channel (the web browser) and well-established development constructs. Design patterns like Model-View-Controller had well-known coding counterparts such as Java Server Pages, the JSP Standard Template Library or Struts. But now, the introduction of mobile computing has significantly altered this design-development workflow. The key disruptor is the need to target multiple mobile devices with a common set (or sets) of source code. Regardless of whether devs use a single HTML5/CSS3/JS implementation or native implementations on iOS and Android, there’s a greater burden on designers than in the web-centric past. What’s worse, the success or failure of mobile apps is more dependent on the complete user experience than ever before. This new reality requires a major shift within development organizations.

…to multi-channel mobile apps?


Introducing Forrester’s Mobile Banking Functionality Benchmark

Peter Wannemacher

Technology is radically changing the way bank customers interact with their providers, and mobile touchpoints are at the forefront of this change. In the past five years, mobile banking adoption in the US has more than quadrupled, hitting 17% by the end of 2011. This represents a compound annual growth rate (CAGR) of more than 33%.

As such, eBusiness professionals and mobile strategists at banks are in a white-knuckle contest to out-do each other in the mobile space. To evaluate and gauge banks’ mobile offerings, we applied Forrester’s Mobile Banking Functionality Benchmark to the four largest retail banks in the US.

What we found:

  • Big US banks offer solid, not-yet-splendid, mobile services.  We employ 63 individual criteria in our Mobile Banking Functionality Benchmark methodology. The combination of weightings and scores for the criteria generates an overall score based on a 100-point scale. In our inaugural ranking, the four largest US banks posted an average score of 63 out of 100 – above our minimum standards but far from perfect.

Mobile Backend-As-A-Service: The New Lightweight Middleware?

Michael Facemire

It’s no secret that demand for mobile applications is skyrocketing in both the consumer and enterprise space. To meet that demand, application development shops are continually looking for new ways to accelerate development of apps that meet their consumers’ needs. In response, many new ISVs are beginning to offer a set of cloud-based, server-side mobile services to make app development quicker and easier to deploy. ISVs are referring to those services as “mobile backend-as-a-service” (not a particularly good name, but we’ll use it for now). MBaaS offerings sit squarely between the existing platform-as-a-service vendors and the full end-to-end solution space occupied by mobile enterprise/consumer application platforms (see Figure). I’ll go into more detail on the other layers of this mobile service triangle in the future, but for now let’s take a look at the MBaaS space.

Why should I use an MBaaS solution?
