When deciding to monetize a mobile app, we are looking to be following 2 routes. Free and with ads, or paid. And obviously we want to distribute one package. I’m leaving the advert provider and the implementation as well as the payment platform (damn, that’s another angle to test) to the code jockeys, but…
Security, to keep this focused: when showing ads, what security checks should I be doing aside from obvious ones like does tapping on an advert take me to an app or a page that could be malicious?
- I assume adverts can take users to a web page - not much we can do about that, is there? How can I check if that’s even a real security vulnerability?
- I assume an advert can take you to the advertised app’s store page. Are there any side attack vulnerabilities this can present?
- An advert causes my app to lose focus, does it not? What side attacks can that create? Backgrounding differs for Apple and Android, all very technical, and we are still in design phase, so hard to actually test any assertion. Is the advert an “activity”? But… concerned because customer sensitive data will normally be displayed by us after the advert closes… yuck. Sensitive data may also precede the advert, and I don’t want any of this leaking.
Things to look out for, since my main responsibility is normally the desktop, not mobile.