Mobile Application Security Framework for iOS

Abstract

Mobile application security is one of the emerging topics in the industry with the advent of powerful mobile devices with advanced features. More than one billion mobile devices are sold every year, surpassing the sales of laptop machines, and it is apparent that the mobile device has already become an integral part of the lives of humans. With the advent of smartphones, more and more application developers have started building applications for the same smartphones. By the year 2014, the Apple App Store had an app count of 1.3 million with the downloads numbering 85 billion. Further, with the mobility and connectedness provided by smartphone a lot of enterprises are moving towards enabling their employees to work on their personal mobile devices by enabling the bring your own device concept. Most of the applications available in the public app stores are not built with security in mind since the developers are often motivated by time to market and reducing the development cost. This has attracted a lot of attackers from various sources to exploit the vulnerabilities in the mobile applications and the supporting environment with malicious intent.A mobile application security framework for iOS was proposed with three key components, namely, mobile security reference architecture based on industry standard reference architectures, mobile application security checklist based on industry standards and best practices and secure coding SDK for iOS to protect data-in-motion. Based on the evaluation it was found that the proposed mobile security reference architecture was a complete solution due to incorporating best practices from several domains, the developed checklist ensured that the security conformance of the application was increased and the SDK could be extended to support additional features.