
How HTML5 Apps Can be More Secure than Native Mobile Apps


As businesses accelerate their move toward making B2E applications available to employees on mobile devices, the subject of mobile application security is getting more attention.  Mobile Device Management (MDM) solutions are being deployed in the largest enterprises - but there are still application-level security issues that are important to consider.  Furthermore, medium-sized businesses are moving to mobilize their applications before they have a formalized MDM solution or policy in place.

A key element of a mobile app strategy is whether to go Native, Hybrid, or pure HTML5.  As an early proponent of HTML5 platforms, Gizmox has been thinking about the security angle of HTML5 applications for a long time.  In a recent webinar, we discussed 4 ways that HTML5 - done right - can be more secure than native apps.  

1. Applications should leverage HTML5's basic security model

HTML5 represents a revolutionary step for HTML-based browsers as the first truly cross-platform technology for rich, interactive applications.  It has earned endorsements from all the major IT vendors (e.g. Google, Microsoft, IBM, Oracle).  Security of applications and websites has been a consideration from the start of HTML5 development.

The first element of the security model is that HTML5 applications live within the secure shell of the browser sandbox.  Application code is to a large degree insulated from the device.  The browser's interaction with the device and any other application on the device is highly limited.  This makes it difficult for HTML5 application code to influence other applications/data on the device or for other applications to interact with the application running on the browser.

The second element is that, built correctly, HTML5 thin clients are "secure by design."  Application logic running on the server insulates sensitive intellectual property from the client.  Proper design strategies would include minimal or no data caching; keeping tokens, passwords, credentials, and security profiles on the server; and minimizing logic on the client, focusing on pure UI interaction with the server.  Finally, HTML5 apps should be architected to ensure that no data is left behind in cache.
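The design rules above can be expressed as server-side code plus a check that a response follows them. This is an added example, not code from the article or from Visual WebGui; the function names, the cookie name `sid`, and the sample token are all hypothetical.

```javascript
const nodeCrypto = require('node:crypto');

// Server-side session store: credentials stay here and never reach the browser.
const sessions = new Map();

// Keep the backend token on the server; the client only receives an opaque ID.
function createSession(user, backendToken) {
  const id = nodeCrypto.randomBytes(32).toString('hex');
  sessions.set(id, { user, backendToken, created: Date.now() });
  return id;
}

// Headers for every response that carries business data or the session cookie.
function secureHeaders(sessionId) {
  return {
    'Cache-Control': 'no-store', // do not write this response to any cache
    'Pragma': 'no-cache',        // honoured by legacy HTTP/1.0 caches
    // HttpOnly: unreadable from script. Secure: HTTPS only.
    // No Max-Age/Expires, so the cookie is dropped when the browser session ends.
    'Set-Cookie': `sid=${sessionId}; HttpOnly; Secure; SameSite=Strict; Path=/`,
  };
}

// Thin-client response: UI data only, resolved from the opaque session ID.
function renderResponse(sessionId, uiData) {
  const session = sessions.get(sessionId);
  if (!session) {
    return { status: 401, headers: { 'Cache-Control': 'no-store' }, body: '' };
  }
  const body = JSON.stringify({ user: session.user, view: uiData });
  return { status: 200, headers: secureHeaders(sessionId), body };
}

// Audit a response against the rules above; returns a list of findings.
function auditResponse(res, secrets) {
  const findings = [];
  const cc = (res.headers['Cache-Control'] || '').toLowerCase();
  const directives = cc.split(',').map((d) => d.trim());
  if (!directives.includes('no-store')) findings.push('cacheable response');
  const cookie = res.headers['Set-Cookie'] || '';
  if (cookie && !/;\s*HttpOnly/i.test(cookie)) findings.push('cookie readable by script');
  if (cookie && !/;\s*Secure/i.test(cookie)) findings.push('cookie sent over plain HTTP');
  for (const s of secrets) {
    if (res.body.includes(s) || cookie.includes(s)) findings.push('secret sent to client');
  }
  return findings;
}
```

Running `auditResponse` over captured responses in an integration test catches a cacheable page or a token placed in a script-readable cookie before the app ships.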

2. HTML5 apps can be containerized within secure browsers

Secure browsers are just one element of MDM that can be deployed on their own to enhance application security.  HTML5 application security can be extended with the use of secure browsers that restrict access to enterprise-approved URLs, prevent cross-site scripting, and integrate with company VPNs.  Secure browsers also harden the interaction between HTML5 applications and the device, the device OS, and other applications on the device.

3. Integration with Mobile Device Management

MDM solutions play a variety of security roles including application inventory management (i.e. who gets access to what on which device), application distribution (i.e. through an enterprise app store), implementation of security standards (e.g. passwords, encryption, VPN, authentication), and implementation of enterprise access control policies.  While MDM was in part conceived to enable secure distribution and control of native applications, HTML5 apps can be managed and further secured as well.  While full MDM solutions are not required for HTML5 security, HTML5 apps can be integrated into a broader mobile security strategy that incorporates MDM.

4. HTML5 was conceived for the BYOD world

The complexity of managing security for native apps gets multiplied as application variants are created for different mobile device form factors and operating systems.  With cross-platform HTML5 applications that run on any desktop, tablet, or smartphone, security strategy is implemented and controlled centrally.  Updates and security fixes are implemented on the server and there are no concerns with users not applying updates to the apps on their devices.


There are many reasons to evaluate HTML5 as the platform for mobile business applications.  Security of HTML5 apps (built with good practices and leveraging a full platform like Visual WebGui) is a particularly compelling reason to consider.

Check out this slide share from a recent webinar on HTML5 security strategies.


Opinions expressed by DZone contributors are their own.
