Mobile apps continue to go viral. With the pandemic, mobile apps have gained adoption faster than ever before. As a result, apps have gone from a few users to hundreds of thousands of users seemingly overnight. Along with this success comes increasing demand for new features, including security features. More than ever before, mobile users expect app makers to protect them. But the mobile development cycle is more than developing the app. In addition to development, it involves strategy/planning, design, deployment, and maintenance. Each phase is critical to success. Not accounting for the hidden costs of building secure mobile apps can delay releases, resulting in lost revenue. These costs include:
1. Infrastructure services
These services include components such as where the app is hosted, where data is stored and how the data is delivered. As bad actors continue to exploit mobile apps, securing data in the app and the data coming from the app has become more crucial. In addition, app development tools, libraries and support need to be accounted for. Addressing programming language dependencies can require additional development time. Android encryption libraries or SDKs for Java may not work for Kotlin. In Android, there’s also the native C or C++ layer (for native libraries) to consider, which may require a completely different implementation or library with its own set of dependencies. An example of how library dependencies can delay releases is discussed in this article on mobile payments security.
Many people we work with initially think of security as a build vs. buy decision. The initial question they ponder is: do I hire a developer to do this or pay for software?
But it’s not just one dimension, or the cost of the developer. There’s also the cost of revenue lost while the developer is building the security into an app. With the pandemic accelerating the pace of mobile app adoption, app makers are losing a lot more money each day their apps are not available. And consumers are demanding security along with new features, as described in the mobile consumer survey data from earlier this year.
In addition to lost revenue, app makers quickly find out there is more to it than building in the one or two security protections needed at the time. Using mobile SDKs means hidden costs that developers don’t always realize initially. There are native and non-native apps to support. In addition, new OS versions for Android and iOS, new frameworks and new apps to support all compound the work developers have to do to build security into their apps. On top of that, developers have to build not just one but many security features to protect against attacks and comply with industry standards such as PCI or financial regulations.
All this complexity requires:
While you could hire developers to implement security features, the next question is: do they have the security knowledge to build those features in? In addition to the skills, do you have enough developers to handle all the apps you need to support now and in the future? Do you have enough developers to implement multiple security SDKs?
Since most mobile developers are focused on creating new features, training developers to become security experts is no easy task. How long will it take for them to master encryption? Malware prevention? Preventing MitM attacks? Preventing overlay attacks? Code obfuscation?
2. Functional services
These are services needed to execute the features of your app and include push notifications, social and chat, SMS and email. Push notifications are messages that pop up on a mobile device, for example prompting a user to take an action, such as downloading a coupon or receipt. See this article about how you can use Appdome to build a secure PWA that can display push notifications sent from Firebase Cloud Messaging.
3. Maintenance and ongoing technical support
These costs add up and include iOS and Android updates, app update submissions, bugs and maintenance costs. As security and fraud prevention are features that have to be built in, these updates, submissions, bugs and costs increase as the number of apps and app releases goes up.
As your apps evolve, the framework or programming language your app is built in may change. Does the SDK you have support the framework or programming language that your app is built in? If not, does the vendor have plugins? And how much extra work is it to implement the plugin to reach a specific framework?
Building in Mobile App Security and Fraud Prevention
Many Mobile DevSecOps vendors will tout that they have solutions to address security in mobile apps. But these solutions focus on testing and scanning to identify vulnerabilities. The reality is that testing or scanning is not enough. Developers need to BUILD in security and fraud prevention to protect against threats, not just identify vulnerabilities.
Augment software engineering with Appdome as co-developer. Rather than pay the rapidly growing costs that come from new support requirements and new threats, use Appdome. First, you don’t have to lose revenue or risk costly attacks/fraud while you’re waiting for developers to build the security into your app. Second, you address the new requirements for OS, frameworks and apps with a machine. Finally, you can cost-effectively and quickly build in new security features and address ever-new threats with Appdome, without the rapidly rising costs.