Smartphones are an integral cog in the IoT environment and a fundamental block of any related security solution, given that IoT mobile applications allow users not only to get information but also to influence the environment. This paper presents a methodological instrument that can contribute to implementing and evaluating security measures in mobile applications by means of an automated analysis tool. It depicts a clear process for linking policy and high-level security guidelines and measures to concrete source code elements, as well as an automated way of testing a set of mobile applications against them. In addition, the obtained results highlight the current state of the implementation of authentication measures in IoT mobile applications; at the same time, the proposed approach is generic enough to accommodate other security principles as well.
This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.