At NowSecure we spend a lot of time attacking mobile apps - hacking, breaking encryption, finding flaws, penetration testing, and looking for sensitive data stored insecurely. We do it for the right reasons - to help developers make their apps more secure. This document represents some of the knowledge we share with our clients and partners. We are driven to advance mobile app security worldwide.
This guide gives specific recommendations to use during your development process. The descriptions of attacks and security recommendations in this report are not exhaustive or perfect, but you will get practical advice that you can use to make your apps more secure.
We revise our best practices periodically and invite contributions, and the updated guide is published here as changes are accepted into the main repository.
To learn about all the vectors that attackers might use on your app, read our Mobile Security Primer.
We categorize our Secure Mobile Development Best Practices under eight topics. You can find a complete table of contents here
The book is written with GitBook.
We revise our best practices periodically and invite contributions, and the updated guide is published here as changes are accepted into the main repository.
We welcome contributions from knowledgeable developers and security professionals. All contributors must read our Contributing page and accept the terms in their Pull Requests. Please follow the template and format provided if you do contribute.
We publish this guide under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
We will review contributions and periodically publish updated recommendations. If you have questions or feedback please let us know.
First fork this repository, make your changes and submit them back to this repository as a Pull Request. If you are unfamiliar with this process, please read the GitHub User Documentation.
TBD