Security in mobile devices has two main areas: hardware security and software security. Hardware security mainly protects the integrity of the software, and software security enforces application-level security. The focus of this section is software security.
Software security can be defined in a number of different ways:
Quality-based approach: The product does what the specification says. It is assumed that the specifications are flawless.
Robustness-based approach: The product fulfills its specification under different conditions and under attack, meaning that there are reactive components and, for example, error correction methods managing changing environments.
Feature-based approach: A secure product provides and guarantees the security features that its clients require. It is assumed that the integrity and strength of the features used have already been verified to a certain level.
Product security, like "quality," is an attribute that can be difficult to assess and verify; both must be treated as processes and are seldom achieved by simply adding features. Most importantly, these attributes must be addressed from the very earliest stages of product development.
Software security goes beyond tools, methods, and better programming interfaces; it is also a way of thinking and acting according to security processes. All participants in the mobile industry must adopt a security-minded way of thinking to produce secure software for mobile devices. This awareness of security must be a consideration right from the start: if security issues are overlooked or ignored during development, the resulting software cannot be secure. These topics are covered in this section.
Application signing is a mandatory part of the security process.
For an introduction to security, see Security concepts.