Platform, Connection, Security: A Guide to IoT App Development


- Developing 3rd party connections and APIs
- Security considerations
- Access control
- Front end build and maintenance

While the finished product will be original, it will also require an average build time of 12 to 24 months. Most developers simply do not have this luxury and opt for an off-the-shelf IoT application enabled platform (AEP).

An AEP is a self-contained IoT environment that developers can utilize to build and deploy IoT products and services quickly, with well-known options including Azure IoT, AWS IoT, and IBM Watson. Developers should consider key factors like cost (particularly the cost of scaling your product when you take it to market), speed (what’s the maximum latency that’s acceptable to you?) and APIs (does the solution provide open APIs to glue the solution together with your own backend systems?) when differentiating between these AEP players.

The Connection: Cloud vs. Peer-to-Peer

Once developers have settled on their app platform, the next step is to consider the connection type.

The standard option for most off-the-shelf IoT application enabled platforms is to relay client-device communication via the cloud. This database-driven solution stores information on a central server before it is presented to the user, which might be preferable during big projects which leverage huge datasets.

On the other hand, this connection type opens the door to privacy problems, high latency and high running costs.

The other connection option for developers is peer-to-peer. Instead of relaying commands through a “middleman” server, this connection type relies on third-party providers to offer a direct connection between the end user and client. This method only stores user data on the IoT device itself to offer complete user control, with the simultaneous benefits of high security and low latency.

The Security: Tips for Safe Apps

Then, with the app framework and connection decided, comes arguably the most fundamental design consideration when developing an IoT app: security. Smart home, health, and surveillance devices all transmit extremely sensitive personal data, and any breaches could be harmful to users and disastrous for the device manufacturer’s reputation.

Thus, apps should come locked and loaded with strong security.

Unfortunately, the majority of companion apps do not.

Researchers last year found that about half are potentially exploitable through protocol analysis since they use local communication or local broadcast communication, thus providing an attack path to exploit a lack of cryptography or the use of hardcoded encryption keys. Further, this study into companion apps from some of Amazon’s most popular devices found a lack of encryption in one-third of cases and the use of hardcoded keys in one-fifth of cases.

The good news is that secure communication between a device and an app is possible. Smart home device creator EZVIZ shares an encryption key enclosed in the device box in the form of a QR code that must be scanned by the companion app.
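The per-device key pattern described above (a secret shipped with the device as a QR code rather than a key hardcoded in the app), as an added example that is not from the original article or from any vendor's product. The QR text format `iotdev:<device-id>:<hex secret>`, the `Channel` class and every other name are assumptions; the code authenticates and replay-protects local commands with standard-library HMAC, and confidentiality would additionally need an AEAD cipher from a cryptography library.

```python
import hashlib
import hmac
import secrets

def hkdf_sha256(ikm, salt, info):
    """HKDF-SHA256 (RFC 5869) for a single 32-byte output block."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()

def parse_qr(payload):
    """Parse the assumed (hypothetical) QR text 'iotdev:<device-id>:<64 hex chars>'."""
    scheme, device_id, secret_hex = payload.split(":")
    if scheme != "iotdev" or len(secret_hex) != 64:
        raise ValueError("unexpected QR payload")
    return device_id, bytes.fromhex(secret_hex)

class Channel:
    """One end of the local link; the app and the device each build one."""
    def __init__(self, device_secret, app_nonce, dev_nonce, is_app):
        # Fresh nonces give new keys per session; one key per direction
        # stops a frame from being reflected back to its sender.
        a2d = hkdf_sha256(device_secret, app_nonce + dev_nonce, b"app->device")
        d2a = hkdf_sha256(device_secret, app_nonce + dev_nonce, b"device->app")
        self.tx, self.rx = (a2d, d2a) if is_app else (d2a, a2d)
        self.sent = self.seen = 0

    def seal(self, command):
        self.sent += 1
        counter = self.sent.to_bytes(8, "big")
        tag = hmac.new(self.tx, counter + command, hashlib.sha256).digest()
        return counter + tag + command

    def open(self, frame):
        counter, tag, command = frame[:8], frame[8:40], frame[40:]
        good = hmac.new(self.rx, counter + command, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, good):
            raise ValueError("bad tag")  # forged, corrupted or wrong key
        n = int.from_bytes(counter, "big")
        if n <= self.seen:
            raise ValueError("replayed frame")
        self.seen = n
        return command

if __name__ == "__main__":
    _, secret = parse_qr("iotdev:cam-0001:" + secrets.token_hex(32))  # constructed QR text
    na, nd = secrets.token_bytes(16), secrets.token_bytes(16)
    app, device = Channel(secret, na, nd, True), Channel(secret, na, nd, False)
    print(device.open(app.seal(b"set_temp=21")))
```

A sender that only knows a key shared by every copy of the app cannot produce a frame this device accepts, because the session keys depend on the secret printed for that one device.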

Meanwhile, German smart heating and cooling provider SOREL successfully uses a peer-to-peer connection to ensure its smartphone app communicates without interference. Moreover, the connection offers the company minimized risk since end users only manage their data on their device.

Security remains a stumbling block for many of today’s apps, so here are three elements for developers as they consider how to develop IoT apps:

- Audit your chosen IoT AEP platform: Inspect the security credentials of your chosen IoT platform provider and check for evidence of regular penetration tests and security updates.
- Use two-factor authentication, obfuscation, and encryption: This will help ensure only authorized users can access the IoT app.
- Use public key infrastructure (PKI) for authentication and encryption: This ensures end-to-end privacy for your users. Nobody but the user will be able to access the collected data.

There are about a million ways to create an app, but designers should keep in mind that only a select few core decisions make or break the finished product.
Published at DZone with permission of Carsten Rhod Gregersen.
