A mobile application is a software application

A mobile application is a software program that is built for usage in small, usually wireless computer devices such as tablets and smartphones.

Because they are designed for smartphones and tablets, mobile apps cannot be utilized on desktop computers. These applications are almost never preinstalled on a device. These apps are obtained by the device user from distribution channels known as app stores, such as Google Play, Windows Phone Store, Cydia, Get Jar, and BlackBerry App World. Because of the gradual advancement of technology, there are now applications for practically anything. The federal and the state government have realized that since over 90% of the citizens have cell phones, it is easier to use digital strategy to reach the citizens. This white paper lays down an overview of mobile apps sufficient for digital government, the government's and industry's architectural requirements. It goes further to give practical recommendations for enhancing building security in these applications.

Overview of Mobile Applications For Digital Government

To reach citizens, government agencies come up with apps that facilitate feedback from the end user on their interests such as advertising job vacancies. Some of the resourceful applications created by the government include Solve the Outbreak, NASA App, Comet Quest, Leafsnap, and mPig. Solve the Outbreak is an app that was designed by The Centers For Disease Control and Prevention to educate on any outbreak hence save lives. It instructs individuals on how to evade any epidemic and how challenging it is controlling an outbreak. National Aeronautics and Space Administration to teach people more about the galaxies, launch schedules, and any news concerning their missions developed the NASA App. NASA also developed Comet Quest. It is a gaming app where one is the controller of the Rosetta, space probe built by the European Space Agency in 2004 (Janowski, 2015). An individual interacting with this app can learn much concerning the comets. mPig is an app created by the National Severe Storms Laboratory (NSSL) and the Precipitation Identification Near the Ground Project (W-PING). This app helps an individual link up with the NSSL where one collects precipitation information in their area and sends it to the laboratory, an act that increases efficiency in algorithms of weather prediction. Leafsnap is another app developed by the Smithsonian Institution that is used to recognize tree species using photographs of their leaves (Kardous & Shaw, 2014). All these apps are compatible with iPhones, iPads, and Android. These apps are just but some of the government-recognized applications that are very beneficial to the citizens. Currently, the President is a very active follower of Twitter app. This app allows socialization between different people and will enable one to write about their life history, politics, personal schedule, and criticizing various agencies (Bertot, Estevez & Janowski, 2016).

Federal Government Requirements For Mobile Applications Architectures

Due to the increasing number of applications developed on a daily basis, the federal government thought of ways to improve the quality of services delivered by these apps. Secondly, in this fast moving entrepreneurship and creativity era, data security is necessary to reduce the risk of digital snoops and data breaches (Souppaya & Scarfone, 2013). In 2011, the Department of Homeland Security, the Department of Defense, and the National Institute of Standards and Technology developed Mobile Security

Reference

The MSRA is entitled to ensure the integrity and confidentiality of data accessed through cellphones. Mobile device infrastructure put in place three categories of people involved. They include department/agency users, external users and the partner users (Abelson et al., 2015). Figure 1 lists down various components of the architecture and the category of people it serves. Some of the essential structural design that the government focuses are the VPNs, MAM, MAS, MAG, DLP, IDS, and GSS.

Fig 1: components of application infrastructure and category of people involved.

Virtual Private Networks (VPNs) is necessary since it creates secure connections between the cellphone and the government agencies. Therefore, people using unmanaged public networks cannot be able to access unauthorized data within a firm (Williams, Lohner, Harmon & Bower, 2014). Mobile Application Management (MAM) is a tool that manages data and authorizes configuration settings of a particular application installed on a mobile device. Here it is vital that the centralization of the functionality of a specific application be well planned to ensure it can function to secure device authentication, command, and control. Secondly, every application should have a robust troubleshooting and diagnostic tool, store the logging report, and be able to support next-generation technology. Mobile Application Store (MAS) controls application use among the public. Public application stores regulate the use of mobile applications for sale or free use among the people. Every application used by the government agencies need to be approved by the Mobile Application Store.

Each application used by the government must have Mobile Application Gateway. MAG is a piece of software that serves as the network proxy; filters traffic hence provides a focused security protecting the mobile application device. MAGs replace intrusion detection systems in encrypted/ opaque application traffic. Data Loss Prevention (DLP) solution focuses on preventing unwanted transmission of data to mobile devices or unauthorized locations away from the organization. This solution monitors the flow of traffic to mobile devices. Sensitive information is blocked. Therefore, for an application to be considered for use in government agencies, it should have a clear DLP solution (Kiang & Bailon, 2016). Intrusion Detection System (IDS) uses set heuristics to recognize any attack signatures and raises the alarm upon realizing unrecognized traffic. Therefore, in case the connected mobile phones are involved in potentially malicious activities, IDS alarms the agency. Each application should have IDS that protect data from malicious activities. Gateway and Security Stack (GSS) comprises of filter stack that prevents unwanted network traffic from attacking other networked devices. Standard network defenses conduct intrusion detection and improvising protocol filters. The MSRA checks on these application architectures before approving a particular application for use in government agencies.

Industry’s Recommendations For Security Architectures

Sectors concerned with application development have some considerations that they need to put into an account before releasing an application to the market. The first problem is weak server-side controls. It involves any malfunction that an application can cause on the phone. To avoid weak server-side controls, the company should ensure secure coding and configuration of the mobile app. The other problem is insecure data storage in SQLite databases, log files, Plist files, and binary data stores. Insecure data storage can be reduced in companies avoiding overreliance on hardcoded encryption or decryption keys (Knowles, Prince, Hutchison, Disso & Jones, 2015). Another recommendation is threat modeling the operating system to get rid of unintended data leakages. The use of web social media training is beneficial as a way of data security measure. Various industries should train its customers in numerous means through which they can protect their systems from the malicious accesses. This protection may include the use of passwords and key lock systems. Another security measure is the protection of control systems. When unauthorized usage is regulated, hacking attempts can be easily detected on a network (Martínez-Pérez, De La Torre-Díez, & López-Coronado, 2015).

Best Practice Recommendations For Building Security in New Mobile Applications

In enhancing security in new mobile applications, some practices have to be put in place. These activities include implementing security measures right at the application layer. A robust security setting is necessary to ensure that the end user can be able to adjust the security settings to their preferences. The mobile application company should secondly provide that the app does not save passwords. The user should enter their passwords every time they need to log in. It will help reduce malicious logins that can tamper with data. Another recommended practice is advocating app download from only the trusted enterprise stores. Synchronization services should be restricted where organization related apps are maliciously distributed hence risking data security (Zhu, Xiong, Ge & Chen, 2014). Another practice is not limiting tools to anti-malware. Other security means such as behavioral analysis tools can be implemented to increase security. A good example is a Clueful app from Bit Defender. It provides an excellent summary of whether data is encrypted and any case of user anonymity. Another practice is encrypting data in transit. Secondly, container techniques such as the download of sensitive corporate data can help ensure mobile app security. These six strategies serve as the primary recommendations that earn an application entry to the Mobi-Gov awards contest.

Summary

The government plays a significant role in regulating data being shared using various applications. Some of the mobile security components that government agencies take in place include procurement and provisioning considerations, audits and audit trials, authentication and authorization, network segment control and approval, data loss prevention, encryption of data and intrusion detection capability. Industries that design these applications have a more prominent role since now they have to ensure that the app security is well assured and cannot be used to access malicious data. The end user also should ensure that the mobile app they install in their gadgets is approved by the Mobile Application Store (MAS) to be sure of its eligibility and efficiency. Technological change has impacted a significant improvement in the way security is handled. Mobile app serves an essential purpose of giving citizens a chance to access digital services anytime.

Conclusion

In conclusion, mobile applications play a significant role to all people. However, their development requires specialized integrated development environment. Emulators help to check the effectiveness of a given app. It is essential for a company to ensure that the app meets all its meant purposes before releasing it to the public for use.

References

Abelson, H., Anderson, R., Bellovin, S. M., Benaloh, J., Blaze, M., Diffie, W., ... & Rivest, R. L. (2015). Keys under doormats: mandating insecurity by requiring government access to all data and communications. Journal of Cybersecurity, 1(1), 69-79.

Bertot, J., Estevez, E., & Janowski, T. (2016). Universal and contextualized public services: Digital public service innovation framework.

Janowski, T. (2015). Digital government evolution: From transformation to contextualization.

Kardous, C. A., & Shaw, P. B. (2014). Evaluation of smartphone sound measurement applications a. The Journal of the Acoustical Society of America, 135(4), EL186-EL192.

Kiang, A., & Bailon, J. (2016). U.S. Patent No. 9,237,170. Washington, DC: U.S. Patent and Trademark Office.

Knowles, W., Prince, D., Hutchison, D., Disso, J. F. P., & Jones, K. (2015). A survey of cyber security management in industrial control systems. International journal of critical infrastructure protection, 9, 52-80.

Martínez-Pérez, B., De La Torre-Díez, I., & López-Coronado, M. (2015). Privacy and security in mobile health apps: a review and recommendations. Journal of medical systems, 39(1), 181.

Souppaya, M., & Scarfone, K. (2013). Guidelines for managing the security of mobile devices in the enterprise. NIST special publication, 800, 124.

Williams, B. O., Lohner, M. K., Harmon, K., & Bower, J. (2014). U.S. Patent Application No. 14/558,536.

Zhu, H., Xiong, H., Ge, Y., & Chen, E. (2014, August). Mobile app recommendations with security and privacy awareness. In Proceedings of the 20th ACM SIGKDD international conference on Knowledge discovery and data mining (pp. 951-960). ACM.