You’ve tested every aspect of your mobile app – functionality, usability, security, performance and other types. You’ve tested it with simulators and in the wild. You think you’ve covered almost every angle and that it’s essentially bulletproof, but you forgot the biggest cause of app failure: People.
Yeah, those guys. According to PC World, nearly 80 percent of the vulnerabilities discovered in mobile apps are not the fault of the application code itself, but rather the result of human error.
According to the HP 2013 Cyber Risk Report, though, the application itself is not to blame for most vulnerabilities—you are. HP compiled data from 2,200 applications scanned by HP Fortify on Demand and reports that 80 percent of the vulnerabilities discovered were not the fault of the application code itself.
“Many vulnerabilities were related to server misconfiguration, improper file settings, sample content, outdated software versions, and other items related to insecure deployment,” the report states.
In other words, it’s not your fault! That said, there are some things you can do as testers and developers to minimize the risk of human error. Let’s take a closer look at some of the causes mentioned in the article:
Both the iOS and Android platforms give developers the ability to encrypt data that’s stored within the mobile app. The problem is, many developers neglect to include this feature and many testers fail to account for it as well. These days, apps that do NOT store some type of personal data are the exception, so if you want to save users from themselves, it’s best to consider encryption as the default option.
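One way a tester can account for this is to check what the app actually leaves on disk. The script below is an added example, not code from the original article or from the HP report. It assumes you have a copy of the app's data directory from a test device or emulator, and the sample file names and contents are constructed.

```python
import hashlib
import math
import os
from collections import Counter

# File headers that identify unencrypted stores: SQLite database, iOS binary plist.
MAGIC = {b"SQLite format 3\x00": "plaintext-sqlite", b"bplist00": "plaintext-plist"}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; approaches 8.0 for random-looking (e.g. encrypted) data."""
    n = len(data)
    return sum(-c / n * math.log2(c / n) for c in Counter(data).values())

def classify(data: bytes) -> str:
    """Heuristic label for one file taken from an app's private storage."""
    head = data[:4096]
    if not head:
        return "empty"
    for magic, label in MAGIC.items():
        if head.startswith(magic):
            return label
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in head)
    if printable / len(head) > 0.95:
        return "plaintext-text"      # XML preferences, JSON, logs
    if shannon_entropy(head) > 7.5:
        return "high-entropy"        # consistent with encryption, not proof of it
    return "unknown-binary"

def scan(root: str) -> dict:
    """Map every file under root (relative path) to its classification."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                report[os.path.relpath(path, root)] = classify(fh.read(4096))
    return report

# Constructed sample contents, mimicking files in an extracted app data directory.
SAMPLE = {
    "shared_prefs/session.xml": b"<?xml version='1.0'?><map><string name='token'>abc</string></map>",
    "databases/users.db": b"SQLite format 3\x00" + b"\x00" * 84,
    "files/vault.bin": b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128)),
}

if __name__ == "__main__":
    for rel, content in SAMPLE.items():
        print(f"{classify(content):18} {rel}")
```

Any file labelled `plaintext-*` that holds personal data is a finding to raise with the developers. Compressed files also score as high-entropy, and blobs shorter than a few hundred bytes cannot reach the threshold, so treat the labels as a starting point for manual review.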