Market researcher Forrester has some unpleasant news for those of you running iPad apps in your enterprise. Forrester’s iPad take: Chances are good that commercial apps don’t protect sensitive data on an iPad or iPhone.
The reason can be traced to arrogance or ignorance.
According to Forrester, many apps intentionally leak private data from iPhones and iPads to be used, perhaps, in future marketing and advertising campaigns. Other apps simply don’t tap into the iPhone or iPad’s native management and security features because, well, they don’t know how.
If you’re building an iOS app in-house, make sure you don’t fall into the ignorance trap and develop a leaky vessel. Forrester says the native data protection features and security APIs in iOS 4 are strong-so use them.
For starters, this means assigning your security guru to the software development team to ensure they’re following Forrester’s rules:
1. Ever hear of password protection? Force users to enter a password to gain access to the device.
2. An app isn’t nearly as important as the data it can access. Better have a clear understanding of what data the app will process and how the data will be accessed.
3. Will the app store credentials? Maybe. Maybe not. Only store them if absolutely necessary.
4. If at all possible, don’t let the app access private phone data.