Mobile App Security: In Search of the Silver Bullet

In October, 2016, the use of mobile devices to access the internet surpassed[i] that of desktop computers. Today, more than half of internet access is done with phones and tablets.

What, Me Worry?

Given this, you might assume that mobile apps would be designed with high levels of security or that security itself would be an utmost consideration in app design, but that’s not the case. In fact, the problem of security in mobile apps is enormous – and not new, either.

First the Breach, Then the Fix

As far back as 2014, Gartner predicted[ii] that, by 2017, 75% of mobile security breaches would be due to a failure of what it called “app misconfiguration”.

A study by the Ponemon Institute in 2018 claims that a majority of organizations admit they don’t invest in app security until AFTER they’ve suffered a breach. No wonder the dollar value of the average security breach[iii] today is nearly 4 million dollars US.

Albert Lo, Senior Mobile Engineer with Optimus Information, says it’s a mistake for a developer to assume that web security tools can be applied to mobile apps. “You can’t lump them into the same bucket,” he says. “Mobile security has its own set of characteristics.”

Why Mobile Security is Different

Mobile apps also have their own unique security risks, Lo adds. Malware developers target mobile apps by first trying to “decompile” them. They change a few things so they can inject their own malware, recompile the app and sign a new security certificate that binds to the app, he says.

This is one of the chief security differences from web apps, which don’t need to sign a security certificate, and it is why different security strategies must be employed.

The best approach to securing a mobile app is in the design stage. “It’s really a mindset you need, that security should be part of the development process right from the start – especially when different frameworks are being considered.”

Choosing the Right Framework

Mobile apps often have a need for persistent data – user data or network data stored in a database, for example. Not all databases, however, are created equal and the choice will ultimately impact the app’s security features.

Albert Lo works with Android-based apps, which use a database called SQLite. The problem with this database is that it’s not secure, so an Android developer can reach for a framework known as Realm[iv] which comes with 256-bit encryption built in – but also demands up to 4MB of space for its database.

Others, like Google’s framework called Room[v], can also be used. Room provides an abstraction layer over SQLite to allow for more robust database access but it doesn’t support database encryption – unless a developer puts in extra work to build encryption support. Room’s database, as a result, is much smaller.

One tool that has proven very useful here at Optimus is Google SafetyNet. SafetyNet is an API that lets a user know if an app has been compromised or tampered with. It can run on the server side and perform checks in real time to determine whether the mobile app has been compromised.
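
The server-side check described above can be sketched as follows, also covering the re-signing scenario from “Why Mobile Security is Different”. This is an added example, not Optimus or Google code: the field names follow the SafetyNet Attestation response payload, while the package name, certificate digest and nonce are constructed values. JWS signature and certificate-chain verification are assumed to have been done before these checks run.

```python
import base64
import json
import time

# Assumes the JWS signature and certificate chain were already verified.
# Constructed sample values (assumptions, not taken from the article).
EXPECTED_PACKAGE = "com.example.app"
EXPECTED_CERT_DIGESTS = {"c2lnbmluZy1jZXJ0LWRpZ2VzdA=="}  # base64 digest of release cert
MAX_AGE_MS = 5 * 60 * 1000


def _b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_payload(jws_compact):
    """Return the JSON payload of a compact JWS (header.payload.signature)."""
    parts = jws_compact.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    return json.loads(_b64url_decode(parts[1]))


def evaluate_attestation(payload, expected_nonce, now_ms=None):
    """Return a list of policy failures; an empty list means acceptable."""
    now_ms = int(time.time() * 1000) if now_ms is None else now_ms
    failures = []
    if payload.get("nonce") != base64.b64encode(expected_nonce).decode():
        failures.append("nonce mismatch (possible replay)")
    if abs(now_ms - payload.get("timestampMs", 0)) > MAX_AGE_MS:
        failures.append("stale attestation")
    if payload.get("apkPackageName") != EXPECTED_PACKAGE:
        failures.append("unexpected package name")
    digests = set(payload.get("apkCertificateDigestSha256", []))
    if not digests or not digests <= EXPECTED_CERT_DIGESTS:
        failures.append("APK signed with an unknown certificate (repackaged?)")
    if not payload.get("basicIntegrity"):
        failures.append("basicIntegrity false")
    if not payload.get("ctsProfileMatch"):
        failures.append("ctsProfileMatch false")
    return failures


def make_sample_jws(payload):
    """Build an unsigned, constructed token for demonstration only."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256"}), enc(payload), "c2ln"])
```

Google has since deprecated the SafetyNet Attestation API in favour of the Play Integrity API; the same kind of server-side policy check applies to its verdicts.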

Open Source Open to Risk?

Albert Lo says he’s often asked if an open source code base like Android doesn’t have inherent security risks. He maintains that because of its open source nature, Android can be constantly improved when those with security backgrounds scrutinize and review the OS code base, something that can only help the code base become better and more secure over time.

“But, using an open source OS like Android means you also have to immediately adopt standards and best practices to safeguard against security threats and attacks on user data,” Lo states. Once adopted, the OS developer ensures that the app is less vulnerable to attack.

No Simple Fix

At the end of the day, “there is no silver bullet or framework that will magically address all your security concerns and requirements. That’s just the way it is. Securing a mobile app is complex and there are different concerns to deal with. For those apps that don’t store credit card information or have a database, for example, there’s no concern about encrypting a database,” Lo says.

He often refers to the Open Web Application Security Project or OWASP for counsel. OWASP[vi] is an open community “dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted.”

OWASP’s Top 10

Recently, OWASP published its Mobile Top 10, a list of potential app security issues with suggested workarounds. At Optimus, Albert Lo and his associates adopt a layered approach when it comes to security, using OWASP guidance to assist them in providing fortress-like security during app development.

Best Practices Work Best

Will there come a time when mobile apps are fully and permanently secure? That’s hard to say with certainty. Blockchain technology holds great promise but, by simply following best practices and standards right now, developers can go a long way in creating secure mobile apps.

Albert Lo says he’s an evangelist when it comes to promoting mobile security best practices.

“Security is ever-changing because there’s new technology and new best practices every year. Security is not static. There is always something to learn.”

Rely On Our Expertise

At Optimus Information, that learning, as Albert says, is ongoing. As a result, we are delivering top quality – and highly secure – mobile apps to our customers, every day.

We invite you to tap into our wealth of experience in the critical area of mobile security by calling us to discuss how we can assist you with your project.

Optimus Information Makes the 2018 List of Fastest Growing Canadian Companies

Canadian Business unveils 30th annual list of Canada’s Fastest-Growing Companies

Vancouver, BC (September 13, 2018) – For the second year in a row, Canadian Business and Maclean’s has ranked Optimus Information on the 30th annual Growth 500, the definitive ranking of Canada’s Fastest-Growing Companies. Produced by Canada’s premier business and current affairs media brands, the Growth 500 ranks Canadian businesses on five-year revenue growth. Growth 500 winners are profiled in a special print issue of Canadian Business, published with Maclean’s magazine and online at CanadianBusiness.com and Growth500.ca.

Foresight, Innovation and Smart Management are Key

“The companies on the 2018 Growth 500 are truly remarkable. Demonstrating foresight, innovation and smart management, their stories serve as a primer for how to build a successful entrepreneurial business today,” says Deborah Aarts, Growth 500 program manager. “As we celebrate 30 years of the Canada’s Fastest-Growing Companies program, it’s encouraging to see that entrepreneurship is healthier than ever in this country.”

“We are incredibly honoured to be on the Growth 500 ranking again,” said Pankaj Agarwal, founder and managing partner of Optimus Information. “This is a testament to the continued commitment of our entire team, our partners and our customers. We are extremely focused on providing value through the products and solutions we offer, and will continue to listen and deliver on what our customers need.”

Optimus Also Recognized Globally by International Association of Microsoft Partners (IAMCP)

In addition to being named a 2018 Growth 500 company, Optimus Information also recently won two prestigious awards at the 2018 Microsoft Inspire conference. Founder and managing partner Pankaj Agarwal was named a champion of diversity for his commitment to corporate gender diversity and STEM education for young girls. Optimus Information is one of only a handful of technology companies to have reached 50/50 gender parity across their corporation.

Optimus Information also took home the Canadian Bronze honour in the global category for partner-to-partner awards. This award recognized Optimus’s work with Squirrel Systems as they moved their industry-leading hospitality and restaurant POS application from a legacy on-premises solution to the cloud. Because the application deployed so much of the latest thinking around mobility, analytics, AI and more, Microsoft is jointly working with Optimus and Squirrel to develop a formal case study for others to learn from.

“Our company continues to achieve year-over-year growth because we are laser-focused on helping our customers rapidly scale their own businesses,” said Ryan O’Connor, Chief Technical Strategist, Optimus Information. “We share the same vision as the partners and customers we work with and, therefore, our success is their success. This year, we have made incredible progress on our business plans.”

For more information on how to optimize your Dev/Ops efforts by working with one of Canada’s fastest growing companies, contact Ryan O’Connor directly at ryan.oconnor@optimusinfo.com or 1-604-785-0065.

About Optimus Information

Headquartered in Vancouver, British Columbia, Optimus Information also has offices in India. Optimus is designed to help global organizations with application development, testing and analytics. The company provides outsourced technology services to small and mid-sized organizations in the ICT Sector. For media enquiries, contact Ryan O’Connor, Chief Technical Strategist, ryan.oconnor@optimusinfo.com, 1-604-785-0065.

About the Growth 500

For 30 years, the Growth 500 has been Canada’s most respectable and influential ranking of entrepreneurial achievement. Ranking Canada’s Fastest-Growing Companies by five-year revenue growth, the Growth 500—formerly known as the PROFIT 500—profiles the country’s most successful growing businesses. The Growth 500 is produced by Canadian Business. Winners are profiled in a special Growth 500 print issue of Canadian Business (packaged with the October issue of Maclean’s magazine) and online at Growth500.ca and CanadianBusiness.com. For more information on the ranking, visit Growth500.ca.

About Canadian Business

Founded in 1928, Canadian Business is the longest-serving and most trusted business publication in the country. It is the country’s premier media brand for executives and senior business leaders. It fuels the success of Canada’s business elite with a focus on the things that matter most: leadership, innovation, business strategy and management tactics. Learn more at CanadianBusiness.com.