Self-protecting apps and the future of mobile application management

One of the more interesting areas of mobile security right now is the future of mobile application management (MAM). Earlier this year, I had a chance to speak with Andrew Blaich, lead security analyst at Bluebox Research who introduced me to the concept of self-protecting mobile apps.

Blaich explained to me that self-protecting apps are aware of where they’re running. The apps are aware of attacks that can happen on the application, passive or active attacks. Because self-protecting apps are device and environment independent, such apps could be an interesting option for an app you are deploying to partners and customers.

There are tools that malicious actors can use to hook into mobile apps to affect the app’s behavior or to change modification patterns. A self-protecting app can detect and protect against such malicious hooking.

He also gave me the example of a company that’s deployed a mobile app out to its employees. The company still allows its employees to use rooted devices. A self-protecting app can detect if the employees are trying to tamper with the app, trying to access data residing in the app, or trying to reverse engineer the app.

An app policy can either notify the admin or clear the data from the app.

Blaich points to Bring Your Own Device (BYOD) deployments and the fact that there are lots of Android device manufacturers doing their own thing. It’s a mass proliferation of Android devices with only a few vendors following Google’s Android standards. This lack of standards make is especially challenging to secure Android devices in enterprise mobility and BYOD environments.

Jailbroken devices remain a security threat across enterprises of all sizes. People can jailbreak their devices intentionally, or it can be something they aren’t aware of when they buy a device on Craigslist or eBay.

Blaich also pointed out to me that the mass proliferation of Android devices from vendors isn’t about to stop anytime soon.

“They all just do their own thing for the most part,” he said. You can do anything you want with Android, and with iOS for that matter. It’s a fact of life that mobile security professionals have to face and adjust their security strategies accordingly.

He also mentioned that his company examined some Android mobile devices where the true vendor origins of the devices were in doubt. Blaich and his team couldn’t be sure whether a given device was actually from that vendor or not.

Blaich gave the example of a Chinese-manufactured Android device where everything looks like it’s the real device, but the software on the device has been modified in a way where it introduced malware on the system.

“You’re continually going to have this problem where the devices might get modified in line in the distribution channel,” Blaich explained.

Self-protecting apps, MAM, and the future

Change has been the only constant in the mobile threat landscape, and that’s not about to change. The self-protecting app concept that Blaich introduced to me thrives on a changing threat landscape.

While I subscribe to a platform-centric future for mobile security, self-protecting apps complement such platform-based mobile security strategy. I especially like the concept of self-protecting apps for applications that an organization distributes to partners and customers since they’ll never have control over those user devices.

Where do you see the future of mobile application management going?

Image by Thom via

Will Kelly is a technical writer and analyst based in the Washington, DC area. His writing experience includes writing technology articles for CNET TechRepublic and other sites. Will’s technology interests include collaboration platforms, enterprise mobility, Bring Your Own Device (BYOD), project management applications, and big data. Follow him on Twitter: @willkelly.

5 ways enterprise mobility & BYOD influence project management platforms

Enterprise mobility and Bring Your Own Device (BYOD) are amongst the developments influencing enterprises to move project management applications from inside the firewall to third-party hosted cloud solutions. Mobile devices are democratizing project management for the entire team, opening up project schedules and tasks to wider understanding and discussion by project teams.

1. Take project management to the cloud, outside the firewall

When I was a young technical writer, the whole practice of project management was too cloistered for my tastes. The schedule was hard to read. Licenses for desktop project management software were scarce. Interactions between the PMO and the developers had their communications challenges.

Moving to the cloud means freemium options and better overall licensing than what desktop application licensing could ever offer project teams back when I was getting my start. Going outside the firewall saves on IT resources because mobile security around the platform is outsourced to the platform provider.

This new cloud-first/mobile-first approach means that project managers, project leads, and teams can access project information from a mobile device regardless of their geographic location.

2. Offer robust mobile apps on parity with the web

When I wrote about the latest version of Clarizen’s mobile app for TechRepublic, it represented a new level of feature parity with the web interface. The same is going on throughout the cloud project management and collaboration market in response to customers who expect more from their mobile apps. See when I started in this job at TechRepublic, it was enough to be able to view project schedules from your mobile device. Now the expectations for mobile project management include:

  • Full user interaction with project data
  • Push notifications
  • Social collaboration

With mobile apps, project team members don’t have to come back to the office to update their project status and some enlightened organizations out there can certainly change or even eliminate the time-honored tradition of weekly and monthly status reports because mobile apps can stimulate ongoing updates from project team members.

Along with the growing feature parity comes customization options. Today’s mobile apps can be made to fit team requirements for project information. Mobile apps also give you the flexibility with project management workflows that you just can’t get with desktop project management applications.

3.Provide anytime/anywhere visualization

I learned my first project management application and how to read Gantt charts because nobody else on the development team wanted the task. At the time, Gantt charts only spoke the cryptic language of project managers.

Agile programming software development and more self-directed teams have led to the need for more visual representations of project management information that every stakeholder and team member can understand.

This consumerization of project management applications is an offshoot of the consumerization of IT. The growing roster of robust mobile clients for cloud-based project management platforms has opened up what was once cryptic project management information to a wider audience.

Obscure Gantt charts from Microsoft Project give way to easy to navigate project management apps that have many of the same (if not all) of the features of the project management platform’s cloud front end. Many mobile project management apps now let any project team member or stakeholder view their schedule in a format that’s best for their needs.

4. Provide anytime/anywhere collaboration and interaction

While we’ve covered mobile collaboration here on TechRepublic, enterprise mobility and BYOD are even pushing project management platforms into anytime/anywhere collaboration. In a world of telework, remote teams, and flexible work schedules, team collaboration happens around the clock.

Another benefit of keeping it all in the project management platform is the current generation of mobile apps have integrated search tools.

5. Improve security and identity management

The utilitarian nature of project management applications in the cloud means user access needs to be secure yet device agnostic. Take, for example, the project team member that uses a smartphone, tablet, and then a Mac. Identity management solutions are an ideal solution to permit this sort of access. The growth of mixed employee/contractor project teams in some industries should push identity management as the solution of choice just for securing access to cloud-based project management platforms.

Project management and the mobile future

Enterprise mobility and BYOD influence over project management platforms is consistent with other application categories. It’s also welcome as project delivery organizations of all sizes seek the right apps to manage projects cost effectively. No longer can project managers hide in the PMO. No longer can developers and other project team members not be able to understand project scheduling. Today’s business demands that project teams must interact with project scheduling in real time, anyplace/anywhere.

Will Kelly is a technical writer and analyst based in the Washington, DC area. He has worked with commercial, federal, higher education, and publishing clients to develop technical and thought leadership content. His technology articles have been published by CNET TechRepublic, Government Computer News, Federal Computer Week,, and others. Follow Will on Twitter:@willkelly.

Image by timothy muza via