Blog

Data Security in Web and Mobile Applications

Written by Simhachalam Chukkala | Nov 29, 2016 4:02:00 PM

Data security is a major concern with both mobile applications and web applications. In this blog, one of our experts will explain in detail the best ways to keep your data secure during mobile app development.

What Data Should Be Secured and What Types of Security Threats Your Apps May Be Facing

Any data that can be considered priveledged or sensitive, such as user credentials, payment-based information, personally identifiable information, et cetera, can be exposed to security threats.

Navigating the web can be tricky when it comes to keeping your information safe. Always check to see if the URL (or link) begins with HTTP or HTTPS. Any data transmitted via HTTP is insecure, and therefore vulnerable to intercepting HTTP protocol that will capture transmitted date, potentially leading to a security threat. HTTPS is the secured version, protected by either SSL (Secure Sockets Layer) or TLS (Transport Layer Security). HTTPS is considered far more secure as the data that is transferred is encrypted. HTTPS is typically used for confidential transactions such as purchasing or online banking.

Want a free, secure mobile app for your next event? Click here to learn how we can help.

What You Can Do to Protect Your Data

One way V-Soft handles data security during mobile app development and maintenance is by implementing API Level Security through SSL.

SSL does two things for data security:

  1. It encrypts sensitive information by inserting random characters into the original information, rendering it incomprehensible to anyone without the proper encryption key.
  2. It provides authentication through a secondary server certificate that is issued when an SSL certificate is accessed. This acts as a mediator between browsers and SSL servers to show that the SSL certificate provider can be trusted.

Does My Website or API have SSL?

The main ways to tell if an API or website has SSL are:

  • The URL says "https://" rather than "http://" (See the above image for reference)
  • A padlock icon shows up in the URL bar 
    • If you click this icon, more information can be accessed about the website and company that provided the certificate

Most Effective Ways to Achieve Data Security

App-Level Security

Encryption is the most effective way to achieve data security. The sensitive data in all applications developed by V-Soft is encrypted with complex algorithms such as RSA, AES and DES.

High-Security Measures for Your Mobile Apps

V-Soft uses these measures to make sure your data on mobile apps is protected:

  • Built-in ability to clear app data (a data wipe) in case of compromised information from a web download
  • Ability to detect and deny app running on rooted or jailbroken devices
  • Run checksum on the app's core files to detect of a hacker has tampered with it

Server Side Security Measures

In addition to the above data security measures, a few things you can also do to protect your sensitive data are:

  • Use HTTPS back end for all API calls
  • Make sure authentication expires after a reasonable amount of time
  • Put API call limits on the server side

In addition to these security measures, V-Soft employs measures such as Proguard and OAuth2 authentication.

To learn more about V-Soft's mobile app development for business, click here.

 

About the Co-Authors

Manoj Iragavarapu is Practice Head for Mobile Solutions at V-Soft Consulting. He's a mobile enthusiast and founder of sports based mobile startup Chauka. Apart from Cricket, developing process flows to build a mobile app churning “factory” is his passion. Don't miss the opportunity to connect with connect with Manoj on LinkedIn here.

Simhachalam Chukkala -- better known as 'Sim' -- is a Project Lead for V-Soft's Business Solutions team. He is based out of Hyderabad, India. Sim has a Masters in Computer Applications (MCA) and several years of experience in development. Connect with Sim on LinkedIn here.