Contents

Mobile Security Primer

Coding Practices

Handling Sensitive Data

Caching and Logging

Webviews

iOS

Android

Servers

At NowSecure we spend a lot of time attacking mobile apps. Hacking. Breaking encryption, finding flaws, pen testing and looking for sensitive data stored insecurely. We do it for the right reasons - to help companies make their apps more secure. This document represents some of the wisdom we share with our clients and partners. It includes over fifty best practices for creating more secure mobile applications. The descriptions of attacks and security recommendations in this report are not exhaustive or perfect, but you will get practical advice that you can use to make your app(s) more secure.