2009/4/16 Erik Wingren <ixda at interactivism.com>:
> > 1. What is your thinking/point-of-view on application-level security requirements for a mobile app, where one of its features is to store personal, potentially sensitive data, when the app runs on a mobile device that already has built-in security layers at the OS-level?
It depends. If your market consists of enterprise customers who are
using devices managed by their IT department, then you can feel
reasonably safe that the device security will be handled.
I actually don't know of very many other folks who are using any sort
of password protection on their phone. Savvy users are STARTING to
clue in to the problem. Starting. Gmail app recommends that you enable
password protection of the phone. Password protection is off by
The next level of thinking is whether the sensitive data requires a
network connection to see, and just how sensitive the data is.
Consider viewing the current status of my stock portfolio. This
clearly is sensitive data, but how sensitive? Most people, if they
lose their phone, will both deactivate their previous device and
acquire a replacement. They don't want to pay for purchases and use
somebody else is going to make with their phone.
So, a stock portfolio status has a 24 hour period in which a thief (or
lucky person) might possibly look at the data. This is a pretty small
Allowing changes to a portfolio: VERY large risk. Require password. Period.
Also consider pre-paid customers, who are adopting web and apps as
well. (Pre-paid is more popular amongst Hispanic communities, and
mobile data adoption is higher amongst Hispanics). That same phone, on
a pre-paid plan, when lost will not likely be recovered. It might not be
deactivated ("oh, it just has $5 left on it; I won't bother.")
So the security hole is a bit larger for this group.
I think the best solution is to somehow detect type of plan and
whether the device's password is on. We can't do that if we are
working on downloaded apps or web sites.
Instead, consider having an application password, on by default, with
advanced users having the ability to explicitly turn it off.
I also admire the two-level system adopted by many bank sites and at
least the 1Password application. You enter the service using a first
password (perhaps with the option of turning it off), and you can get
to a lower-sensitivity level of data. Much of the time this is all you
need. Sometimes you want access to more detailed, sensitive, or risky
data. In those cases, the user must enter a second password or PIN.
> > 2. Does anyone have evidence to share, formal or anecdotal, on the percentage of iPhone/mobile users that complete registration (asking for email-as-username and password) when this is required on initial use?
For which application? What type of application? From what you
suggest, the app wouldn't work otherwise.
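
The two-level scheme described in the reply above (an application password that is on by default, plus a second password or PIN for risky actions), sketched as an added example that is not part of the original message. The class, the action names, the PIN failure limit and the single-action elevation are assumptions made for illustration.

```python
import hashlib, hmac, os
from enum import IntEnum

class Tier(IntEnum):
    LOCKED = 0
    BASIC = 1      # lower-sensitivity data, e.g. viewing portfolio status
    ELEVATED = 2   # risky actions, e.g. changing the portfolio

# Hypothetical action names; the tier mapping follows the reply's examples.
REQUIRED = {"view_portfolio": Tier.BASIC, "change_portfolio": Tier.ELEVATED}
MAX_PIN_FAILURES = 5  # assumed limit: a short PIN needs guess throttling

def _hash(secret: str, salt: bytes) -> bytes:
    # Store only a salted, slow hash of each secret, never the secret itself.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 200_000)

class TwoLevelGate:
    def __init__(self, app_password: str, pin: str, password_enabled: bool = True):
        self._pw_salt, self._pin_salt = os.urandom(16), os.urandom(16)
        self._pw = _hash(app_password, self._pw_salt)
        self._pin = _hash(pin, self._pin_salt)
        self.password_enabled = password_enabled  # on by default; user may opt out
        self.tier = Tier.LOCKED
        self.pin_failures = 0

    def open_app(self, password: str = "") -> Tier:
        ok = not self.password_enabled or hmac.compare_digest(
            _hash(password, self._pw_salt), self._pw)
        self.tier = Tier.BASIC if ok else Tier.LOCKED
        return self.tier

    def step_up(self, pin: str) -> Tier:
        # The second secret is always required, even when the first is turned off.
        if self.tier == Tier.LOCKED or self.pin_failures >= MAX_PIN_FAILURES:
            return self.tier
        if hmac.compare_digest(_hash(pin, self._pin_salt), self._pin):
            self.tier, self.pin_failures = Tier.ELEVATED, 0
        else:
            self.pin_failures += 1
        return self.tier

    def perform(self, action: str) -> bool:
        allowed = self.tier >= REQUIRED[action]
        if allowed and REQUIRED[action] == Tier.ELEVATED:
            self.tier = Tier.BASIC  # elevation covers a single risky action
        return allowed
```

Turning the application password off only changes how the basic tier is reached; changing the portfolio still needs the PIN each time.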