Mobile Application Security

Mobile Application Security assures that user-requested or agency-developed mobile applications fully and consistently meet agency security requirements.

Mobile application security covers a wide range of services, including securing voice and data communications, email, calendar, web browsing, contacts, mission-specific information and applications, government and agency-specific applications, and personal information.

Mobile device computing power and storage, networking capabilities, and sensory features can expose an agency to numerous privacy and security risks, including:

  • Malware that can read or modify sensitive data;
  • PII collected either from a device or from the public;
  • SQL injections;
  • Unauthorized access to information or resources;
  • Modifications to the system or application; and
  • Compromised data storage or transmission.

Mobile application security begins with the design of the application and continues through the life of its use. The Department of Homeland Security (DHS) and the Office of the Chief Technology Officer (OCTO) have put together a comprehensive playbook [PDF - 2,854 KB] to help guide you through the process.

Last Reviewed 2016-08-02