
EU updates smartphone secure development guideline


The European Union Agency for Network and Information Security (ENISA) has published an updated version of its Smartphone Secure Development Guidelines. The document details the risks faced by developers of smartphone applications and provides ways to mitigate them.

Part of the cover of the ENISA guidelines

The original version of the Guidelines was published in 2011. The update was made available on 10 February. “New developments in both software and hardware have been translated into new significant threats for the mobile computing environment, highlighting the need for an update”, ENISA writes.

The guidelines detail 13 types of risk, including sensitive data, software flaws and (abuse of) biometric sensors. For each, the ENISA experts provide recommendations to reduce the risk of abuse. For example, to identify and protect sensitive data on mobile devices, ENISA recommends that software developers begin in the design phase by classifying data storage for passwords, personal data, location, and other sensitive records such as error logs. They can then process, store and use these data according to their classification, and validate the security of API calls.

The guide includes three new sections: on device and application integrity, on protection from client-side injections, and on the correct usage of biometric sensors. ENISA warns, for example, that mobile apps that interact with other apps or sensors can pose security risks, and recommends building in checks. It asks developers to always check for biometric sensors, such as a fingerprint reader or iris scanner, and to make sure these are used correctly.

More information:

ENISA Smartphone Secure Development Guidelines

Information

Geographic coverage:
EU Institutions, Europe
Themes:
eGovernment
