How to Create Secure Mobile Applications: Insights from Mr. Wumi Ariyo at The App Summit 2024
At the recently concluded App Summit 2024, hosted by Fintech Magazine Africa, cybersecurity expert Mr. Wumi Ariyo delivered an enlightening speech on the topic “How to Create Secure Mobile Applications.” His presentation underscored the critical importance of security in the development lifecycle of mobile applications and provided actionable steps to ensure online safety for users, developers, and businesses alike.
Mr. Ariyo opened his speech with an essential online safety talk, highlighting four fundamental steps for staying secure in today’s digital landscape. He noted the following:
- Enable Multifactor Authentication (MFA): Adding an extra layer of security to account access.
- Update Your Software: Ensuring systems and applications are protected against vulnerabilities.
- Use Strong Passwords: Creating complex passwords that are difficult to guess.
- Think Before You Click: Staying vigilant against phishing attempts and malicious links.
Mr. Ariyo then gave a comprehensive overview of what creating secure mobile applications entails, covering the what, why, and how of security, emerging needs and trends in the industry, and secure development.
Speaking on what makes a good app and what elements make users smile, he shared insights from multiple perspectives:
From the User’s Perspective:
- Intuitive, Good UI/UX: Apps should be user-friendly and visually appealing.
- Fulfills Needs: Apps must address specific user requirements effectively.
- Data Protection: Keeping user information safe is paramount.
From the Developer’s Perspective:
- Simplified Requirements: Clear and straightforward, not complicated.
- Quick Build: Efficient development processes.
- Good Compensation: Fair pay for their work.
From the Business Owner’s Perspective:
- Customer Attraction: Apps that drive user engagement and revenue growth.
- Cost-Effectiveness: Affordable development costs.
- Quick Build: Fast turnaround for product launch.
- Not too expensive
- Data Insights: Providing actionable data for business strategies.
- Regulation Compliance: Ensuring adherence to regulations.
Mr. Ariyo highlighted several cybersecurity trends peculiar to Nigeria. These include ransomware and vulnerability exploits; third-party and insider-enabled attacks; unemployment; AI/ML-assisted crimes, including deepfakes and social engineering; cloud/on-premise integration; cybersecurity inexperience; and smart home exploitation.
He placed special emphasis on smart home exploitation due to increased adoption of IoT devices and the ongoing construction of smart homes across the country.
On creating secure mobile applications, he delved into the software development life cycle (SDLC), covering critical phases such as analysis, design, development, testing, deployment, and maintenance. He detailed the design phase, which includes informational, functional, and behavioral modeling alongside attack surface analysis.
He also discussed threat modeling, illustrating how potential vulnerabilities can be exploited and how this can be visualized through attack trees. The development phase spotlighted testing, with tools like Checkmarx, Selenium, and Metasploit, as well as manual penetration testing and methods like SAST, DAST, and fuzzing. For identifying vulnerabilities, he recommended resources like the OWASP and CWE databases. Coding tools such as GitHub Copilot and Amazon Q were also noted.
Final Thoughts
Mr. Ariyo concluded his presentation by emphasizing that adequate planning and a collaborative team approach are critical when launching a secure mobile application. He urged developers and businesses to adopt a proactive stance on security to safeguard user trust and ensure long-term success in the app ecosystem.
His insights left attendees with a clear roadmap to creating secure, functional, and user-friendly mobile applications, tailored to meet the evolving demands of Nigeria’s digital landscape and beyond.