Paranoid Guide to App Security


How do you define the success of your app? Building the next social network and reaching a massive user base? Or focusing on the B2B market and striking a deal with large enterprises?

With great popularity comes great responsibility (for data).

If you build for consumers, a data leak from the app or a security vulnerability may ruin your reputation.
If you target enterprises, any security incident may result in severe fines or the loss of a contract. This may be life or death for a company.

Know your adversary and prepare

The first important takeaway is to adjust your paranoia level to the context. It ranges from a candy-crushing game to mobile banking, and you should find your spot somewhere (possibly in between).

Practitioner’s guide to securing mobile application

I do not want to spoil any fun here, but the core of the talk is going to be a list of techniques that make your app secure. It will focus on app-level security, but a few points on backend communication are going to be made as well.

The list is compiled based on my experience and a couple of security audits that my projects have undergone.

The talk is intended to be technical, but I'll avoid boring the audience with source code. Most of the techniques presented apply to the Android ecosystem.

As this is a paranoid's guide, you don't have to, and probably shouldn't, follow all the recommendations. But it's good to know them all.
