BANGALORE, INDIA:The proportion of mobile devices providing open platform functionality is expected to increase in future. The openness of these platforms offers significant opportunities to all parts of the mobile ecosystem, enabling flexible program and service delivery options that may be installed, removed or refreshed multiple times in line with user needs.

However, with openness comes the responsibility to stop unrestricted access of mobile resources and APIs to applications of unknown and untrusted origin. This can lead to a major security breach which may result in damage to a user's device, the network or all of these, if not managed by suitable security architecture and network precautions.

Interestingly, with the marketshare of mobile user equipment with open operating systems steadily shooting up, expectations are high. The openness here offers clear benefits to customers, device manufacturers, software developers and operators as it acts as a catalyst for the development of rich and compelling applications. However, these also pose challenges and risks which ultimately leads to the birth of more malicious applications which are  likely to increase in number and complexity. Therefore, mobile application security is a key issue for the mobile industry.

It is provided in some form on most open  mobile device OSes. Industry groups have also created recommendations including the GSM Association and Open Mobile Terminal Platform (OMTP) for this. There are over 4 billion devices in use worldwide. Moreover, mobile phones have become a proximity devices for the user, something which is always there on hand and convenient in use. This convenience has resulted in an explosion of mobile applications such as mobile banking, gaming, etc. All these applications require security, and as a result, mobile application security is gaining in importance.

Best practices in mobile security

The processes to be followed while designing security applications for mobiles, depend on organization concerned. Some use symmetric encryption like AES and 3DES, which are basically the same standards for mobile application security as for hardware based authentication devices. Some best practices which can be followed while designing mobile security applications are leveraging SSL, following secure programming practices, validating inputs, leveraging the Permissions Model used by the operating systems, using the Least Privilege Model for System Access, signing the application's code using encryptions, using Secure Mobile URLs and encouraging a safe browsing environment.