A Developer-Centric Study Exploring Mobile Application Security Practices and Challenges

TL;DR

This study provides a developer-centric analysis of mobile app security practices and challenges through a global survey, highlighting key issues, resources used, and areas for improvement in security education and tooling.

Contribution

It offers new insights into developers' security practices, challenges, and resource reliance, filling a gap in understanding mobile app security from a developer perspective.

Findings

Developers prioritize security features like authentication and secure storage.

Challenges include managing vulnerabilities, permissions, and privacy concerns.

Many developers feel current training materials are inadequate.

Abstract

Mobile applications (apps) have become an essential part of everyday life, offering convenient access to services such as banking, healthcare, and shopping. With these apps handling sensitive personal and financial data, ensuring their security is paramount. While previous research has explored mobile app developer practices, there is limited knowledge about the common practices and challenges that developers face in securing their apps. Our study addresses this need through a global survey of 137 experienced mobile app developers, providing a developer-centric view of mobile app security. Our findings show that developers place high importance on security, frequently implementing features such as authentication and secure storage. They face challenges with managing vulnerabilities, permissions, and privacy concerns, and often rely on resources like Stack Overflow for help. Many developers find that existing learning materials do not adequately prepare them to build secure apps and provide recommendations, such as following best practices and integrating security at the beginning of the development process. We envision our findings leading to improved security practices, better-designed tools and resources, and more effective training programs.