Man hand grabbing lock on phoneCyber security concept man hand protection network with lock icon and virtual screens on smartphone

Safeguard Android Mobile Apps With an ADA MASA Independent Security Review

Despite the growing popularity and economic importance of mobile apps, many businesses fail to prioritize mobile application security and privacy in the development process. While many users assume that mobile apps from reputable businesses safeguard their personal information, even large companies like Tim Hortons can release mobile apps with privacy and security issues. Such mobile application security and privacy breaches can damage your brand, revenue, shareholder value and expose your business to regulatory fines and lawsuits.

With massive mobile user growth and increasing demands for digital privacy and security, governments have been legislating compliance requirements like General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) and the Health Breach Notification Rule. At the same time, both Apple and Google have improved their respective app stores by providing greater visibility into privacy and how businesses safeguard personal data.

Shining a Spotlight on Privacy Practices

In December 2020, Apple officially rolled out iOS privacy requirements that all developers must submit for iOS App Nutrition Labels. These labels provide users with the privacy practices of each app so they can make informed choices about which apps to download. In order to submit new mobile apps and updates into the Apple App store, developers must self-report the types of data the app collects, how the app collects data, and the purpose of any data collection policies. They must also disclose any third-party code integrated into the app, and explicitly state if the mobile app owner tracks users and sells user data.

Similarly, Google Play recently established the Data Safety program to provide 3.5 billion Android users with greater visibility into the security and privacy policies of the 3.5 million+ mobile apps currently available in the Play Store. As of August 2022, all Android developers must submit a declaration that outlines their mobile app security and privacy practices to add or update an app to Google Play. Some of the details Android developers must disclose include data collection practices, data encryption methods, policies for sharing with third party vendors, and data deletion policies for users.

Once developers self-report their mobile app security and privacy practices, Google reviews the information and then adds it to the data safety section for each app listed in the Play Store. Much like iOS Nutrition Labels, the Google Play data safety section helps Android users clearly understand how mobile apps collect, store, share and protect their data. This helps users make informed decisions about which mobile apps they feel comfortable sharing their data with.

Stand Out With A Independent Security Review

Businesses can now add an independent security review to their Google Play data safety section. App Defense Alliance (ADA) Authorized Labs can validate the security and privacy of mobile apps with a  Mobile Application Security Assessment (MASA). This assessment tests against the Open Web Application Security Project (OWASP) Mobile Application Security Verification Standard (MASVS), a global security standard that establishes a baseline level of mobile application security.

The ADA certified NowSecure as an ADA Authorized Lab to perform independent security reviews. Similar to the Underwriters Laboratory or Good Housekeeping Seal of approval, an ADA MASA tells customers that your business cares about safeguarding user trust by protecting user data. Validated mobile apps will have an independent security review badge applied to the Data safety information in Google Play, signifying that developers went above and beyond to safeguard user data.

Every business should add the independent security review for the following reasons:

  • To enhance and protect your brand by ensuring the protection of user data.
  • To drive more downloads by demonstrating trust. The more users trust a brand, the more likely they will download an app.
  • To gain a competitive advantage in mobile app stores.
  • To uncover privacy and security vulnerabilities developers may have missed.

Businesses should obtain ADA MASA validation for their Android mobile apps to increase adoption and competitive advantage in Google Play by giving users confidence their apps are safe and secure. Learn more about Google Data Safety and ADA MASA validation from NowSecure.

 

Chief Mobility Officer at NowSecure