On the face of it, smart cities can do a lot for residents, visitors, resources, and the environment. By automating anything from parking availability information and street lighting to water supplies and power grids, urban areas can save more money and satisfy more citizens. What’s not to like?

Consequently, many cities are already embarking on creative uses of systems, data, and applications, engaging with vendors, operations departments, and mobile device users to make life easier, be responsive, and cut expenses. However, security remains a critical issue. Among other things, smart cities multiply the opportunities of data theft and system sabotage for bad actors lying in wait for a chance to strike.

Smart cities are part of the overall Internet of Things, and the IoT breakthroughs in mobile computing, sensor technology, analytics, and artificial intelligence are all available to municipalities, their IT departments, and their solutions vendors. Mobile applications specifically are a game-changer, letting city employees and city users interact and react anywhere, anytime. For example, citizens in Scottsdale can report broken lighting, road and sidewalk degradation, sewer issues and more with a handy app supplied by the city. In Boston, drivers get real-time information on where best to park from one app, while another one uses smartphone sensors and GPS to collect data on the smoothness of the ride, uploading data to a city server with the location of any road surface problems that must be fixed.

However, in the rush to make apps available to users, security may have taken a back seat. IT departments more used to conventional corporate firewall strategies leave mobile security in the hands of the app designers, where it may or may not get the attention it deserves. The security stakes are high. Hacking of apps used to control city systems can cause havoc in streets and buildings, whether as part of “hacktivist” activities or as a handy diversion while a bank robbery takes place. Malicious code in apps made available to citizens can cause malfunctions, steal data, spy on user activity, and propagate malware infection over networks.

Security testing is therefore of paramount importance. Yet it must be done quickly and efficiently to overcome a problem of perception among app creators that testing is necessarily a lengthy and resource-intensive process. Once out in the open, apps must still be monitored and tested for safety and protection of users and systems they control. End-users should also have the possibility to check apps easily and at no charge, helping them to sort the good from the bad in the increasing number of IoT apps now available for download.

All this is a challenge that will only increase over time. As Kevin Mullenex, CEO of Mi3 Security, points out, “United Nations data shows that over half the people in the world live in urban areas, and we can expect a further influx of 2.5 billion people over the next few decades. Mobile security in smart cities must start now, preventing issues of device hijacking and abuse of personal privacy, rather than trying to repair the damage afterwards”.