The Cloud Security Alliance Mobile Application Security Testing (MAST) Initiative
Any company that has created and run its own mobile application knows the benefits that come with it. Mobile apps can give businesses a far reach into their clients’ lives, whether those clients are other businesses or consumers. The use of mobile devices among businessmen and laypersons is so pervasive that businesses cannot afford to be without their own branded app.
The benefits of having a mobile app, however, come with challenges of their own. Device compatibility and security both arise; security becomes an especially important issue when businesses choose to use the cloud to store their information or provide services, as many of them do.
This is why cloud computing awareness groups such as the Cloud Security Alliance (CSA) have gained support from the broader computing industry. CSA works to educate businesses across the globe about how they can protect themselves and their apps’ end users from vulnerabilities associated with the cloud and mobile use. It recently created the Mobile Application Security Testing (MAST) Initiative and released an associated white paper that recommends best practices that developers in any industry can follow when creating and maintaining mobile apps.
MAST initially lays out a number of static and dynamic tests that developers can perform to make sure that their apps function adequately on Android, iOS, and Windows operating systems. Some of these tests address the seemingly harmful effects of mobile app use such as power consumption, which may become dangerous or a sign of misuse when power drain becomes excessive. Tests also look at how apps ask for permission to use, among other assets, the camera, speaker, and file storage of a user’s device. They also address how apps collaborate with other apps on a hard disk and in the cloud.
MAST then goes further by addressing how an app communicates with the outside world through assets such as global positioning satellites and near-field communications devices. Most mobile phones have the ability to seek contact with satellites and NFC units, so it is important that apps are only allowed to communicate with other hardware in a friendly manner and when the user knows such communication is taking place.
Douglass Lee, the co-chair of the CSA Mobile Application Testing Initiative, said that his group’s initiative is important because it brings the whole cloud computing community together around a common core. He indicated that CSA is now ready to make recommendations about mobile app testing and that it will continue its mission by developing processes for security incident response. In that way, his group will have covered the steps businesses can take to protect themselves and their clients before the fact while also addressing the reality that incidents can take place and that businesses may have the power to contain any damage.
Edited by Peter Bernstein