App security suffering as survey finds that most developers still aren't building for mobile

A new study of mobile-development habits suggests that, despite the mobile hype, secure development has a long way to go as less than half of developers have actually built mobile apps – and half of those who do, build just one app per year.

The figures, from the latest Telerik of 3000 IT professionals, found that corporate developers were struggling to keep up with changing technology and development practices as well as a lack of time, tools, and budget.

Of those that were building apps, security remained a low priority with just 11 percent indicating it was the most important part of the apps they build. User experience (44 percent), ease of maintenance (24 percent) and performance (15 percent) were all ranked higher.

Some 76 percent of developers reported that they were building apps for Google's Android platform, outnumbering those building for Apple's iOS (63 percent) and Microsoft's Windows Phone (40 percent).

With most developers getting little hands-on experience in actually building mobile apps, the figures reinforce companies' exposure to poor software development practices that market-research firm Cybersecurity Ventures has argued cause ongoing exposure of sensitive corporate information to possible external threats.

That firm's Q3 2015 Application Security Report

Analyst firm Forrester Research has argued in favour of formal development and operations (DevOps) approaches that promote more rapid, iterative mobile development that “can actually improve cybersecurity, not compromise it,” the firm says.

“Just as DevOps enables organizations to improve quality by acquiring and acting on feedback earlier, DevOps improves cybersecurity by catching security flaws earlier in the delivery cycle and enabling organizations to respond faster to compromises.”

Even as organisations struggle to build out their developers' mobile-security credentials, both major platforms have recently been hit with a raft of new exploits – including the KeyRaider iOS malware, and the Certifi-Gate exploit and Stagefright vulnerability on Android devices. Google recently detailed plans to improve app-development security by building Runtime Permissions that change Android's permissions model to improve security while an app is running.

Blast from the past?

Try our new Space Invaders inspired video game NOW

What score can you get ?

Tags developersApp SecurityTelerikmobile-developmentdevelopment and operations (DevOps)Apple's iOSMicrosoft's Windows Phone

Show Comments