There’s no denying the explosion in the number of mobile applications available in stores today (900 million in Android and iOS Stores). This high number of apps has also brought about other real-life considerations related to security and data integrity. In fact, uploading an app to a store is now within reach of any old geek who has mastered Objective-C, Java or HTML.
But even if the user experience must be at the very core of the marketing department’s preoccupations, the integrity of the data travelling over the internet must surely be another key consideration.
This article outlines different lines of thinking that should be taken into consideration between the IT Department and Marketing at the upstream stage of production.
When thinking through a project, nothing is more important than data, and the following questions should come to mind:
– What data should be posted and what segment of the market is being targeted?
– Where is the data?
– How to get hold of that data?
– How to guarantee the integrity of the data?
Mobile platforms such as iOS, Android and Windows Phone don’t provide the possibility of connecting directly to a database, and the majority of mobile applications get their data through public-internet sources.
Would any network administrator in their right mind publicly expose an Oracle or SQL database for all and sundry to get their hands on via the internet?
Setting up a VPN (Virtual Private Network) between the information system and the user might well be a viable solution. But it is often both expensive and time-consuming to do so where the user is concerned.
Another solution might be to create a web service or secure API that exposes only the required data to the front end.
From then on, part of the company’s database will be publicly available, so a security check would have to be set up to identify the user. Logically, the user would have to sign up beforehand.
At this point the Marketing Department would be happy since it would have managed to get hold of information about its user and the IT Department would have secured its application systems.
Securing information systems is good news. Guaranteeing user security is even better. In sum, one question springs to mind: is the smartphone user really the one that signed up?
What needs doing is protecting against all types of attacks that aim to get hold of user data, the final objective being of course identity theft via the server, followed by unwanted operations (buying, ordering, bidding, profile modifying, etc.).
To set up such protection, the IT Department would have to provide an SSL certificate with a system of time-limited access tokens so as to prevent any sniffing or “man-in-the-middle” types of attack. This is exactly why it is essential to include the IT Department in any development phase of such a project.
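A minimal server-side sketch of the time-limited access tokens mentioned above, as an added example that is not code from the original article. The names `SECRET`, `TTL_SECONDS`, `issue_token` and `verify_token`, the HMAC-SHA256 token format and the five-minute lifetime are all assumptions chosen for illustration; the token is assumed to travel only over the SSL/TLS connection.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo key (assumption); a real server loads this from a secret store.
SECRET = b"constructed-demo-key-not-for-production"
TTL_SECONDS = 300  # assumed token lifetime: 5 minutes


def b64e(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(user_id, now=None):
    """Issued after the signed-up user authenticates; sent only over TLS."""
    now = time.time() if now is None else now
    claims = {"sub": user_id, "exp": int(now) + TTL_SECONDS}
    payload = json.dumps(claims, separators=(",", ":")).encode()
    sig = hmac.new(SECRET, payload, hashlib.sha256).digest()
    return b64e(payload) + "." + b64e(sig)


def verify_token(token, now=None):
    """Return the user id for a genuine, unexpired token, otherwise None."""
    now = time.time() if now is None else now
    try:
        payload_b64, sig_b64 = token.split(".")
        payload, sig = b64d(payload_b64), b64d(sig_b64)
    except ValueError:  # wrong shape or bad base64
        return None
    expected = hmac.new(SECRET, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        return None  # forged or altered in transit
    claims = json.loads(payload)
    if now >= claims["exp"]:
        return None  # a captured token stops working after TTL_SECONDS
    return claims["sub"]
```

The signature stops a client from rewriting the user id or expiry, and the expiry bounds how long a token remains usable if it is ever captured.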
Here’s another bit of advice for Marketing. Some smart aleck could end up taking your application (turning it into malware) and distributing it in stores where you have no market presence. You’ll need to monitor constantly what’s going on and, if necessary, provide your security guidelines on the appropriate platforms. This doesn’t need to apply to Apple, which has only a single store and enforces drastic filtering at the point of entry. But Google is reputed to be more relaxed at entry, and certain apps can be downloaded from outside of Google Play.
Just by taking these essential points into consideration at the upstream stage of the project, every party involved in the delivery process of a mobile application will have a clear idea of the objectives and the risks involved. The delivery and acceptance-testing process will be so much easier as a result!