The following is an excerpt taken from the article, “Developing a Mobile App? Follow These 12 Tips for Protecting and Securing User Data.” For more information please visit www.sba.gov.
Developing a Mobile App?
Don’t rely on a platform alone to protect your users
Platforms may offer features to make security easier, but it’s up to you to understand them. Use them properly, and explain them to your users in everyday language.
Create secure user credentials
If your app requires that users create usernames and passwords, make sure that these credentials are secure and appropriate to the nature of your app. For example, a social networking app would require a higher level of authentication (password strength requirements) than a gaming app.
Encrypt any data that is transmitted
Use transit encryption (SSL/TLS in the form of HTTPS) to secure usernames, passwords, API keys and any other important data that is transmitted from a device to your server. This is particularly critical because many users access apps over unsecured public Wi-Fi networks. If you use HTTPS, use a low-cost digital certificate from a reputable vendor and ensure your app checks it properly.
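What "checks it properly" means in client code, as an added example that is not part of the SBA article: Python's standard `ssl` module stands in for the app's HTTPS client, and a small audit function reports the settings that would let a connection proceed without validating the server certificate. The function names and the TLS 1.2 floor are assumptions made for this illustration.

```python
import ssl

def strict_client_context() -> ssl.SSLContext:
    """Client settings that check the server certificate on every connection."""
    ctx = ssl.create_default_context()            # trusts the system CA store
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # assumption: TLS 1.2 as the floor
    return ctx

def weak_client_context() -> ssl.SSLContext:
    """Anti-pattern often left over from testing: encryption without authentication."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # must be cleared before verify_mode can be relaxed
    ctx.verify_mode = ssl.CERT_NONE  # any certificate is accepted, trusted or not
    return ctx

def audit_context(ctx: ssl.SSLContext) -> list:
    """Return the reasons this context would not check a certificate properly."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not verified against trusted CAs")
    if not ctx.check_hostname:
        findings.append("certificate is not matched to the server hostname")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol versions older than TLS 1.2 are allowed")
    return findings

if __name__ == "__main__":
    # Constructed comparison: the strict context passes, the weak one is flagged.
    for name, ctx in (("strict", strict_client_context()),
                      ("weak", weak_client_context())):
        print(name, audit_context(ctx) or "OK")
```

A check like `audit_context` can run in a unit test or build step so that a verification bypass added during debugging does not ship in a release.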