Developing a mobile app securely is essential to safeguarding the sensitive information you may be gathering. Taking proactive steps during the development process can significantly reduce or eliminate vulnerabilities in your software. Vulnerabilities can lead to the compromise of UCSF data, personal data, denial of service, loss of service, or damage to a system used by thousands of users. It is important to incorporate secure coding practices when developing your mobile app. A number of resources are available to keep your application secure.
Please note: All devices and applications at UCSF must meet the Minimum Security Standards.
Directions
- Adhere to the guidelines for UCSF IT Application Security.
- The UCSF IT application security page contains a list of resources to keep your application secure. This includes secure coding best practices, security scans and assessments, and more.
- You can also visit SOM Data Security resources for application security guidelines and templates.
- Additional resources for secure mobile app development:
- If the mobile app handles P3 or P4 data, be sure to submit for a security risk assessment.
  - Start by having the following prepared:
    - Data flow diagram (for help preparing one, submit an IT Consultation request here).
    - Have all management roles of the system identified (e.g., who "owns" the system, who will manage accounts, etc.).
    - Documentation of the security procedures you will use to manage the system.
  - Initiate a BIA (Business Impact Analysis) – this can be done in parallel with the risk assessment.
Support
UC Learning Center Skillsoft offers numerous online courses on a variety of topics, including IT, software development, and security.