Custom Made vs. Off-The-Shelf Mobile Apps – The Issue of Security

The article is written by James Burbank, who runs a business blog called BizzMarkBlog.

In October 2015, Blakely Thomas-Aguilar did a great article on mobile security statistics on the VMware AirWatch blog that can and will send shivers down your spine. For example, she found that there was an increase of 18% in the number of Android vulnerabilities between 2011 and 2015. She also found that OS X malware was 5 times more common in 2015 than in five years preceding it combined. The most terrifying statistic that she discovered was that Gartner stated that more than 75% of mobile apps would fail even the most basic security tests.

One thing was (and is) certain after reading her article – mobile apps struggle with security .

There are innumerable reasons why this happened and one of them is definitely the fact that more and more businesses are choosing off-the-shelf mobile apps, as opposed to those that have been custom-designed for them.

Off-The-Shelf Mobile App Basics

Before we start talking about the security issue in the field of off-the-shelf mobile apps, we should probably say a thing or two about this type of mobile apps. As their name would suggest, these apps are purchased much like any other product that is manufactured for mass consumption.

The process is a simple one. The first thing to do is to choose a reputable company that does this kind of mobile app development. Next, you choose one of the customizable templates, as they all work with templates that can be used for a number of different businesses and their future apps. You then fill the app with your own data and information, customizing it so that it does not look like every other from your industry and you are on your way. It does not end there, as some such companies offer certain more advanced options. One of the largest mobile app builders, Bizness Apps, for example, also lets you scan your already existing website and get an app that will be coordinated with it, which is always a plus.

In the vast majority of cases, you will be able to develop an app like this for free, just so you can see what it would look like. However, launching it and making it useable will cost you a monthly fee.

Main Differences from Custom-Developed Apps

Of course, there is a deal of differences between off-the-shelf apps and the "more traditional" custom-developed ones.

First of all, there is the issue of price which is definitely on the side of the off-the-shelf apps. The majority of app builders sell their apps for the price of up to $50 a month, whereas getting a custom app developed could cost you anywhere between $10,000 and $500,000, even a million for the most advanced apps. These app makers make it possible for small businesses to launch their own apps without breaking the bank.

These off-the-shelf solutions come with limitations, however, and it is important to understand this. They will be based on certain templates and while most small businesses will be able to customize them to suit their needs, there are certain features that might not be available. In addition to this, such apps are never totally, 100% unique and they will most likely resemble apps developed on the same platform.

Still, for most SMEs, these compromises are more than worth the price difference.

The Security

Finally, we come to the issue of the day and the subject that will be of most interest to TeskaLabs blog readers – the security issue.

Since off-the-shelf mobile apps are based on certain templates, it goes without saying that the level of security measures they provide can never be the same as the one you get with custom-developed apps. While certain app builders will give you the chance to pay for more advanced security measures, they will hardly be as good as those you would get with custom-developed apps.

Certain app builders also use platforms that aged quite a bit and their security measures may not exactly be the most cutting-edge. In addition to this, certain security vulnerabilities that are innate to specific platforms may be known to individuals who have stopped working for these companies years ago and who might use these vulnerabilities to their illegal ends.

Because of this, if one decides to go with one of these apps for their business needs, it is always a good idea to consider (and reconsider) going for some added layers of security, such as the one provided by TeskaLabs.

Closing Word

App builder websites can definitely be an intriguing proposition for small business owners who do not have the means to hire the services of app developers who will do a custom app for their needs. That being said, they should definitely remember that there are limitations to off-the-shelf solutions, especially when it comes to the security of their future app.

AUTHOR: James D. Burbank has spent more than a decade in the world of marketing. The last few years, he's been trying to stay on top of all things online marketing. With some friends, he runs a business blog called BizzMarkBlog.

If you’d like to get a true assessment of the security of your mobile application and its backend, please check out our Mobile App Security Audit service. Alternatively, request a FREE Demo to know how we can assist you with the security of your mobile solutions.

About the Author

Guest Author

A guest author is an SME of his/her topics or a friend of TeskaLabs.

You Might Be Interested in Reading These Articles

The Security Vulnerability That Puts Millions of Application Backends at Risk. Yours Included

FoxGlove Security researchers published a serious vulnerability that can put millions of application backend, including mobile backend, at risk. Mobile applications use the same web-app technology for their backends, thus suffer the same vulnerability. Mobile application servers are inherently insecure because they consist of extensive stacks of software. Each piece can contain risky zero-day vulnerabilities.

Continue reading ...

mobile security

Published on December 15, 2015

Why Is Data Encryption Necessary even in Private Networks?

Securing data transferred between different endpoints is important not only through public networks but also in private networks. The data has to be protected if it is business critical or if modification or interception leads to a security incident with a high business impact.

Continue reading ...


Published on May 03, 2016

OpenSSL DROWN Vulnerability Affects Millions of HTTPS Websites and Software Supporting SSLv2 (CVE-2016-0800)

DROWN is caused by legacy OpenSSL SSLv2 protocol, known to have many deficiencies. Security experts have recommended to turn it off, but apparently many servers still support it because disabling SSLv2 requires non-default reconfiguration of the SSL cryptographic settings which is not easy for common IT people who have limited security knowledge and don’t know the location to disable this protocol and the way to disable it.

Continue reading ...

security bulletin blog

Published on April 12, 2016