Mobile Application Security
Mobile Application Security ensures that user-requested or agency-developed mobile applications fully and consistently meet agency security requirements.
Mobile application security covers a wide range of services, including securing voice and data communications, email, calendar, web browsing, contacts, mission-specific information and applications, government and agency-specific applications, and personal information.
The computing power and storage, networking capabilities, and sensory features of mobile devices can create numerous privacy and security risks for an agency, including:
- Malware that can read or modify sensitive data;
- PII collected either from a device or from the public;
- SQL injections;
- Unauthorized access to information or resources;
- Modifications to the system or application; and
- Compromised data storage or transmission.
Mobile application security begins with the design of the application and continues through the life of its use. The Department of Homeland Security (DHS) and the Office of the Chief Technology Officer (OCTO) have put together a Mobile Application Playbook [PDF - 2.78 MB] to help guide you through the process.
Also, the Department of Homeland Security (DHS) has submitted a report to Congress that details current and emerging threats to the federal government’s use of mobile devices and recommends security improvements to the mobile device ecosystem.