Passwords, Communications Plan, and Regulations

The following is an excerpt taken from the article, “Developing a Mobile App? Follow These 12 Tips for Protecting and Securing User Data.” For more information please visit www.sba.gov.

Developing a Mobile App?

Don’t store passwords in plain text

Protect user passwords by avoiding plain text storage on your server. Use an iterated cryptographic hash function to hash users’ passwords and then verify against these hash values. (Your users can simply reset their passwords if they forget.)

You’re not done once you release your app. Stay aware and communicate with your users

Once your app is out there and available for download, stay involved with its security. Update security libraries, push updates out to users, and use user feedback to help you spot and fix vulnerabilities.

If you’re dealing with financial data, health data, or kids’ data, make sure you understand applicable standards and regulations

If your app deals with kids’ data, health data, or financial data, ensure you’re complying with relevant rules and regulations, which are more complex. The FTC offers details on the regulations that your business needs to be aware of in the following guides:

The Bottom Line: One Size Doesn’t Fit All

There are no hard and fast rules for app security. The FTC clearly states that it expects app developers to shoot for reasonable data security practices and doesn’t prescribe a one-size-fits-all approach. For example, if you are developing a basic app such as an alarm clock or flashlight that collects little or no data, then this is going to raise fewer security considerations than a location-based social network or, let’s say, a health-monitoring app. These apps may use remote servers to store user data, and as a developer you’ll need to secure your app from end-to-end. This includes the software, as well as data transmission and servers.
