Cyber Security in practice
The popularity of mobile applications (apps) is unwavering. Statistics show that, at the start of 2023, around 2.68 million apps were available in the Google Play Store. However, these millions of apps also mean countless potential risks – especially when security has not been thoroughly tested. To ensure that apps are tested properly and application data are protected, the Google-initiated App Defense Alliance (ADA) has introduced a security check: the Mobile Application Security Assessment (MASA).
Developers benefit from testing their applications according to the MASA process, as it builds trust with the user if the app has been tested thoroughly in terms of security and data protection. There are just five providers that are authorized by the ADA to conduct these tests, and DEKRA is one of them.
DEKRA maintains close dialog with developers at all stages of the MASA process. In terms of data protection, for example, developers are required to clearly document how they collect and use personal data. If they resolve the vulnerabilities identified vulnerabilities and successfully pass the test, they receive an official security certification stamp.
Business Line Manager Cyber Security Testing & Certification
As Business Line Manager, Rubén is actively shaping the Product Testing Portfolio within DEKRA’s Cyber Security Hub and is also steering the onboarding of new cyber security solutions on a global level.
Rubén is an experienced professional and leader with a track record of over 15 years in the IT industry. He is an advocate for driving successful transformational initiatives within the organization and is known for building efficient teams that successfully bring new cybersecurity services to life.
His driven personality and his entrepreneurial background as a start-up founder, make him a respective member of different working groups, including the European Union Agency for Cybersecurity (ENISA), where he is contributing to enhancing future activities in the Cyber Security Market Analysis.
Developers fail most frequently when it comes to authentication, session management, data storage, and data protection. This applies to around 40 percent of applications, and 90 percent fail in at least one test category. However, this is not really surprising because they are currently adapting their apps to proven security processes.
Truth be told, it was a long process. For one thing, DEKRA had to pass a technical assessment in order to become qualified. And we also had to offer the service on the basis of a fully developed process that was accredited to ISO 17025. Furthermore, we had to ensure we met the requirements for quality and service level agreements. We were able to do this thanks to our qualified personnel and feedback from our customers.
We are seeing more and more customers developing applications according to the security by design principle. As a result, certifying the apps is much easier because developers use proven processes from the design phase onward. Another important trend is the use of artificial intelligence and machine learning. These technologies enable apps to understand user behavior in order to deliver personalized experiences. This is something that MASA might be testing soon, to ensure that the apps comply with ethical principles. And lastly, cloud-based services are enabling greater flexibility, scalability, and security in the development of mobile applications.