Elisabetta Zaccaria, Chairman Secure Chorus on “Security by Design for Mobile Apps” for Cyber Defence Magazine


Secure Chorus’ Chairman Elisabetta Zaccaria discusses how with the amount of digital information being transmitted via mobile apps rising at a dramatic rate, protecting this information from falling into the hands of cybercriminals has become a significant challenge.

With mobile apps, the data exposure risk stems mainly from the variety of data and sensors held in mobile devices, the use of different types of identifiers and the extended possibility of tracking users, the complexity of the mobile app ecosystem and the limitations of app developers, as well as the extended use of third-party software and services.

These risks mean that when it comes to the implementation of core data protection principles in mobile apps – as stipulated by the EU General Data Protection Regulation (GDPR) – there are serious challenges. The complexity of the application ecosystem, including app developers, app providers and other actors in the ecosystem (operating system providers, device manufacturers, market operators, ad libraries, and so on), is the main factor that hinders mobile app developers’ and providers’ compliance with the GDPR, e.g. the requirement to implement data protection by design and by default during data processing.

This Regulation applies to the processing of personal data by a controller or processor established in the EU, regardless of whether the processing takes place in the EU or not. It also applies to the processing of personal data of ‘data subjects’ based in the EU by a controller or processor not established in the EU, where the processing activities are related to: the offering of goods or services, irrespective of whether a payment from the data subject is required, to such data subjects in the EU; or the monitoring of their behaviour as far as their behaviour takes place within the EU. The GDPR finally applies to the processing of personal data by a controller not established in the EU, but in a place where Member State law applies by virtue of public international law.

The compliance of mobile apps with the GDPR may therefore not be a concern limited to EU enterprises, but to a much wider pool of organisations falling in the above jurisdictional applicability. To resolve these challenges, there is now a need for greater industry-wide cooperation on the development of standards to make mobile apps secure by design.

The full article can be found here
