ENISA launched a smartphone guidelines tool with the following subjects: – Ensure correct usage of biometric sensors and secure hardware; – Secure data integration with third party code;
– Implement user authentication, authorization and session management correctly;
– Ensure sensitive data is protected in transit;
– Consent and privacy protection;
– Protect paid resources;
– Secure the backend services and the platform server and APIs;
– Identify and protect sensitive data on the mobile device;
– Protect the application from client side injections;
– Secure software distribution;
– Check device and application integrity;
– Handle runtime code interpretation correctly;
– Handle authentication and authorization factors securely on the device.
Read more about this topic at: https://www.enisa.europa.eu/topics/iot-and-smart-infrastructures/smartphone-guidelines-tool