Recent headlines provide a good example of this. In July this year, close to 1.6 million accounts were compromised following the hacking of an official forum for popular mobile game Clash of Kings. The app had more than 100 million installs on Android alone, yet had taken a lacklustre approach to security, failing to take basic measures such as using HTTPS web encryption. This can severely affect user experience and turn gamers off for good.
The massive size of the mobile app market also means that alternatives are often easily available. Candy Crush and its many variants, for example, are currently a dominant name in mobile game apps. However, the mechanics of the match-3 game are by no means unique. Multiple similar games such as Bejeweled and Frozen Free Fall are available on the same platforms, and a hack could well drive users to these parallel apps.
Considering security proactively rather than reactively also enables app-makers to place greater focus on other aspects of game apps such as visual design and gameplay. When security concerns are not inherently addressed in the design of the game and app, each issue that subsequently arises becomes a stumbling block, slowing down the entire process. In contrast, pre-empting security concerns gives app-makers a good contextual view of the threat landscape. This allows them to quickly build out gameplay in a safe manner, avoiding legal and communications roadblocks.
For example, users trespassing into restricted areas because they are too engrossed in gameplay should have been an easily foreseeable outcome had safety and security been a key consideration in the experience design of Pokémon GO. Taking note to avoid creating scenarios where users move into sensitive areas beforehand would definitely take less time and effort then identifying all such instances and making changes post-launch. Already, requests to remove Pokestops - key landmarks for Pokémon GO players - from sensitive areas such as the Hiroshima Peace Park in Japan have been received.
In addition, businesses need to understand securing their market offerings as part of corporate responsibility. Users of apps entrust developers with their personal data, and it is a business' responsibility to protect this by making due consideration of security in their products.
How should businesses incorporate security into their processes?
It is true that 'security' is not exactly a buzzword that drives manic app downloads among consumers. However, rather than treating it as an additional technical consideration, developers and businesses should see security as a base layer underscoring all stages of the process, from conceptualisation to marketing.
One way to understand this is to view security concerns as common starting points for all the vehicles of app design and development. By aligning the origin point from which all actors in the app development ecosystem can carry out their tasks, a cohesive process with the same underlying focus can be created. This also allows businesses to get a good overview of risks that may pose problems later, and consider alternatives if needed.
Sign up for Computerworld eNewsletters.