Be sure to understand users’ tendencies in order to implement proper security measures in your mobile app
This is a guest post from Cassie Phillips, a writer for SecureThoughts.com, a blog that provides advice, guides, and support that help everyday people protect their digital communications, actions and discussions.
When you’re designing a mobile app, there are tons of different things to consider.
What you want the app to do, your target market, which OS’s to support, whether your app will be free or paid—all of these things go through the minds of mobile app developers.
But you also need to consider the security of your mobile app. Though security may be a second thought to many users, if your app suffers a security breach, you can be sure that your app will be uninstalled by many of these users.
Well-designed apps protect users from foul play or potential sabotage by others. A good app is sensitive to the needs of the user and is created with those very human considerations at its core.
Here are a few common human behaviors to consider for the security of your mobile app.
People forget things
If your mobile app is one that requires users to log in, you need to plan for users who forget their usernames and passwords.
Forgotten login details can really diminish the usefulness of your app. While you want to ensure users can regain access to their accounts should they have a lapse in memory, you’ll need to be sure it isn’t too easy for outsiders to gain entry as a result.
Many apps offer a “forgot your password” service. Security questions are a popular way to help a user regain their login details, but often the questions asked are easily researched by anyone with an account on Facebook or other popular social media platforms (sometimes even Google). Avoid offering questions about basic personal information, such as names and dates.
It might be tempting to have your app auto-login and stay logged in. But just remember that if someone loses their device, then other parties could gain access. Weigh what your app does (a game vs. a purchasing platform) when making that decision.
People don’t always connect safely
As a result of imperfect mobile coverage and limited data plans, users frequently connect to public WiFi to access better connectivity. Countless internet tropes and jokes poke fun at WiFi being the sure sign of civilization and habitability.
Unless your users are connecting with a Virtual Private Network (VPN) to encrypt their internet, you should consider providing a warning in your mobile app.
Unsecured WiFi is a great place to get hacked, and most users don’t know about the dangers associated with it. If you handle any sensitive information at all, tell your users about the risks of connecting via public WiFi.
People share a lot
In a social world, users share all kinds of experiences. Moments that were once very private or held only between a few people are now visible to anyone who cares to look.
As a result, user privacy is at an all-time low. Admittedly, this is a trend by choice.
Some mobile apps don’t allow users to choose what they can and cannot share and who they want to share with. If your app involves any type of social interaction or connection between users, it’s imperative that you allow them to select what other users can and cannot see.
More than that, privacy options such as this should be obvious and easy to change. Should you have a change in privacy policy, be sure to inform your users right away. Not only will they appreciate it, but it will boost the public integrity of your company.
People like to be notified…until they don’t
Notifications are really helpful at times. They remind users about events, deals, and time-sensitive information. There’s no reason your app shouldn’t have notifications if you expect users to interact with it on an ongoing basis (excepting perhaps apps such as the Flashlight).
But notifications can also be invasive if overused. Too many notifications can bombard users and can quickly become a nuisance if a user is trying to work in a different app.
Ensure your notifications aren’t going to pop up with any private information, either.
Notifications are no different than other considerations because the threats are largely on the outside. Users themselves may not be a threat to themselves, but those surrounding them may have prying eyes.
People procrastinate
From personal experience, I can say there’s nothing worse than not being able to use my favorite app because there’s been a critical update.
But the developers who require their users to update their mobile apps are actually doing their users a favor. Such updates can fix holes in security and prevent vulnerabilities from being exploited.
By not requiring updates, you expose the less savvy users to easily avoidable threats.
Being clear with the reasons for the app update may help users be more open to updating in a timely manner.
Just be sure not to break anything with the new version, which could lead you to a slew of bad reviews and angry comments, even from long time users.
Realize that no amount of urging can prevent some users from putting off what can be done today until tomorrow.
Conclusion
No mobile app developer or company is immune to simple human error. There will always be situations where you can’t predict how your users will behave in different circumstances.
Understanding how your users’ utilize your app, and aligning that with the proper security techniques is paramount.
Always listen to feedback from your users and learn from other company’s security mistakes. Be proactive with your mobile app’s security and able to react and learn quickly if something goes wrong.
So what will you do to safeguard your app from these human behaviors? Comment below to tell us about your experiences and what you did to fix problems in the past.
Like this post? Please share it! Then follow us on Twitter @thorntech and join our mailing list below for future updates.
Image courtesy of Ervins Strauhmanis on Flickr
