A new threat that should concern millions of mobile app users was recently discovered: an analysis of widely used mobile apps from both the App Store and Google Play, conducted by two software engineers from Symantec, found that some apps contain hardcoded, unencrypted credentials to cloud services. This creates a potential vulnerability, because anyone with access to the app’s source code could potentially extract and manipulate the data. The root of the problem is claimed to be lazy coding and failure to follow security best practices. While the vulnerability can be expected to be fixed soon, this case highlights the need for a more diligent and conscious approach to mobile app development to ensure better protection of users’ data.
Vladislav Terekhov, a mobile developer with almost a decade of experience and a creator of an app with over 300 thousand downloads, currently working at Mobilesource Corp, points out key principles the developers should follow to avoid mishaps like the one described above. He notes that one of the biggest challenges faced by today’s mobile developers is balancing malware protection and user experience.
“The developers need to find a balanced proportion, where the security measures are efficient without becoming too restrictive or impairing user experience,” he comments.
To do so, one needs to determine the main attack vectors and the most sensitive aspects of the app and focus on mitigating related threats. This will help to spend development time and resources more efficiently while keeping the user experience convenient and engaging.
A vivid example of a convenient but secure app is Vladislav Terekhov’s own unique project, Easy Screen, a screen-sharing app for Android. It lets users establish a connection between a smartphone and a Smart TV device, transfer content conveniently, and stream media directly to the TV. Linking devices demands special attention from a security point of view, so the data is transferred in encrypted form, a solution never implemented before. This way, the app remains easy to use while protecting users’ data efficiently. Today, it has amassed over 300,000 total downloads, proving its popularity.
However, to implement this approach efficiently, developers need to work on threat prevention strategically and proactively. In the past, many developers relied on client-side reactions, such as reports of app crashes or unexpected behavior.
“Just responding to the issues after they appear is not enough anymore,” explains Vladislav Terekhov. “Developers need more flexible threat monitoring and runtime protection strategies, to tackle emerging threats before they endanger users’ security.”
This is the approach Vladislav Terekhov followed in all the companies he worked at, and it helped him to bring his projects to success. For instance, starting as a mobile developer at SensusTech LLC, he eventually became a product manager, leading and organizing the development process to achieve maximum efficiency even within limited time and resources. The flexible strategy allows him to overcome such challenges and find optimal solutions for improving the app’s performance or implementing new technologies while keeping up with the security demands as well.
It is hard to avoid mentioning AI advancements as well. While artificial intelligence is becoming a source of new threats, for example, through the creation of fake websites or apps for phishing purposes, it can also provide a solution. AI can become a part of an application’s security system, being used to predict threats, analyze users’ behavior, and detect suspicious activities. Moreover, AI technology can become part of the development process itself, making it more efficient by simplifying testing and other routine tasks. This is why, while working at Mobilesource Corp since 2022, Vladislav Terekhov made implementing AI technology one of his priorities. Developing this direction turned out to be beneficial for the company by improving its apps’ efficiency, security, and performance.
Vladislav Terekhov concludes that to create secure and efficient apps, either as a solo developer or within a team, one has to learn continuously.
“Along with new threats, new protective measures emerge as well, but the developers need to be able to use them properly,” he explains. “For example, Google regularly implements updates to improve security within the Android ecosystem, and the developers need to keep up with them to create apps that follow current industry standards.”
One efficient way to expand both practical skills and theoretical knowledge is participating in hackathons, which require looking for creative solutions within a short timeframe. Vladislav Terekhov participated in several events of this type, becoming a winner at Angel Hack 2017 Hackathon in Kaliningrad, Russia, and next year at the international stage of Accor Hotel Hackathon in Budapest, Hungary.
He also finds it important to share his knowledge and expertise with others, helping other developers to master new technology. Since 2024, he has been a Senior Member of IEEE, an organization that unites the most successful professionals in electronics, technology, and informatics. He also participated in the National Business Award Innovation and Tech as a member of a jury board, helping to determine the most creative and innovative contestants. He notes that establishing a community that supports learning and professional improvement is essential for mitigating security risks. He implements the principles described above in his own work and hopes other developers will find these strategies efficient as well, improving the security of their apps.