The following is an excerpt from the article “Developing a Mobile App? Follow These 12 Tips for Protecting and Securing User Data.” For more information, visit www.sba.gov.
Developing a Mobile App?
Don’t store passwords in plain text
Protect user passwords by never storing them in plain text on your server. Instead, hash each password with a random per-user salt using a slow, iterated cryptographic hash function (for example PBKDF2, bcrypt, scrypt or Argon2), store only the salt and the resulting hash, and verify a login attempt by recomputing the hash and comparing it to the stored value. Because the server never holds the password itself, it cannot send it back to a user who forgets it; users simply reset their passwords instead.
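The following is an added example written for this page, not code from the SBA article. It shows the salted, iterated approach described above using PBKDF2-HMAC-SHA256 from the Python standard library, with a constant-time comparison at verification time and a check that lets you raise the iteration count for existing users as hardware gets faster. The storage string format and the 600,000-iteration default are assumptions of this example; bcrypt, scrypt or Argon2 via a third-party library would serve the same purpose.

```python
import hashlib
import hmac
import os

# Assumed parameters for this example. Tune ITERATIONS so a single
# hash takes a noticeable fraction of a second on your server hardware.
HASH_NAME = "sha256"
ITERATIONS = 600_000
SALT_BYTES = 16
DK_LEN = 32

# --- What NOT to do: plain-text storage -------------------------------
def insecure_store(users: dict, username: str, password: str) -> None:
    """Stores the password as typed. Anyone who reads the table has every
    password; shown only as the 'before' to contrast with the code below."""
    users[username] = password


# --- Salted, iterated hashing ------------------------------------------
def hash_password(password: str, *, iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: algorithm$iterations$salt$hash (hex).
    A fresh random salt per user means identical passwords get different
    hashes and precomputed (rainbow) tables are useless."""
    salt = os.urandom(SALT_BYTES)
    dk = hashlib.pbkdf2_hmac(HASH_NAME, password.encode("utf-8"),
                             salt, iterations, dklen=DK_LEN)
    return f"pbkdf2_{HASH_NAME}${iterations}${salt.hex()}${dk.hex()}"


def _parse(stored: str):
    """Split a stored record into (hash_name, iterations, salt, digest).
    Returns None for anything malformed rather than raising."""
    try:
        algo, iter_s, salt_hex, dk_hex = stored.split("$")
        if not algo.startswith("pbkdf2_"):
            return None
        return (algo[len("pbkdf2_"):], int(iter_s),
                bytes.fromhex(salt_hex), bytes.fromhex(dk_hex))
    except ValueError:
        return None


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and iteration count, then
    compare in constant time so response timing leaks nothing about how
    many leading bytes matched."""
    parsed = _parse(stored)
    if parsed is None:
        return False
    hash_name, iterations, salt, expected = parsed
    candidate = hashlib.pbkdf2_hmac(hash_name, password.encode("utf-8"),
                                    salt, iterations, dklen=len(expected))
    return hmac.compare_digest(candidate, expected)


def needs_rehash(stored: str, *, iterations: int = ITERATIONS) -> bool:
    """True if the record uses fewer iterations than the current policy.
    Call this after a successful login, when you briefly have the plain
    password, and re-store it with hash_password() to upgrade old users."""
    parsed = _parse(stored)
    return parsed is None or parsed[1] < iterations


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print("login ok:", verify_password("correct horse battery staple", record))
    print("wrong pw:", verify_password("Tr0ub4dor&3", record))
```

At login, run `verify_password` and, if it succeeds and `needs_rehash` is true, immediately store the result of a fresh `hash_password` call; this is how you raise the cost factor over the life of the app without forcing every user to reset.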
You’re not done once you release your app. Stay aware and communicate with your users
Once your app is available for download, stay involved with its security: keep third-party and security libraries up to date, push updates out to users promptly, and use user feedback and bug reports to help you spot and fix vulnerabilities.
If you’re dealing with financial data, health data, or kids’ data, make sure you understand applicable standards and regulations
If your app handles kids’ data, health data, or financial data, make sure you are complying with the relevant rules and regulations, which are more complex than those for other kinds of data. The FTC offers details on the regulations your business needs to be aware of in the following guides:
- Children’s Privacy
- Gramm-Leach-Bliley Act
- Health Insurance Portability and Accountability Act (HIPAA) Security Rule
- Health Breach Notification Rule
The Bottom Line: One Size Doesn’t Fit All
There are no hard and fast rules for app security. The FTC states clearly that it expects app developers to aim for reasonable data security practices and does not prescribe a one-size-fits-all approach. For example, a basic app such as an alarm clock or flashlight that collects little or no data raises fewer security considerations than a location-based social network or a health-monitoring app. Apps like these may use remote servers to store user data, and as the developer you will need to secure the app end to end: the software itself, data in transit, and the servers that store it.