Our increasing reliance on mobile apps elevates their insecurities and shines a spotlight on their vulnerabilities. The author introduces a secure mobile app development approach that is proactive and provides verifiable security. Application security is usually assessed outside of (or at the end of) the development life cycle and incurs a heavy cost on productivity and security. Traditional security development approaches do not align well with the mobile application development world due to myriad differences between mobile and desktop systems.

The author’s approach prescribes a security baseline for mobile app development and technical controls that verify the security provided by the baselines. The idea of shifting security left in the development life cycle is not novel, but the presented secure verifiable approach is desirable and moves the needle in the right direction. The overall schema developed by the author is impressive and worth using as a reference to emulate these results in commercial or production development environments to reduce the security exposure of mobile apps.