18

Jan

Mobile applications and security

Posted by Andrea 
Secure Mobile Applications article

It’s a bit worrying when a Microsoft engineer starts an article about mobile security with

“Security” and “mobile application development” rarely appear in the same sentence.

Never fear, it’s just his way of getting your attention. The convenience factor of handhelds makes the application of robust security procedures more than a little difficult. However, it should always be noted that a handheld is a computer, just like your desktop or laptop, and we all know what chaos ensues when an employee loses a laptop!

As author Marcus Perryman notes,

User interface design is very tricky for the restricted screen real-estate and the limited input of a numeric keypad. It’s important to get the balance right between the amount of information displayed and the number of key presses needed to access data. Passwords are an integral part of this challenge. Making users enter a 10 digit alpha numeric password every 30 seconds might mean the corporate security officer gets a good night of sleep, but it’s likely to make users simply switch the device off and use pen and paper. Plus there is always the risk of users taping the password to the back of the device (I’ve seen it happen!).

In these circumstances, the trade off might consist of removing some restricted data from the mobile application in order to allow for a shorter password. Or, consider a two stage lock in which the user is required to enter the full password at less frequent intervals and a short PIN number to confirm the user identity at more frequent intervals. Biometrics are available for some devices, and other two factor solutions such as a smart card or card swipe can also simplify user input.

Windows Mobile does provide applications for developers to write secure mobile applications — Cryptography Application Programming Interface (CAPI) and Data Protection Application Programming Interface (DPAPI). So, if you’re a business user, make sure that the applications you download contain the necessary security precautions!

One range of PDAs that uses biometric security is the HP iPAQ 2700 series.

Related Articles

No user responded in this post

Subscribe to this post comment rss or trackback url
Leave A Reply

 Username (*required)

 Email Address (*private)

 Website (*optional)

Please Note: Comment moderation maybe active so there is no need to resubmit your comments