Krzysztof Kosman

Dev shop delivered an insecure app - not sure what to do now

In today's digital world, safeguarding your applications is absolutely crucial!

Welcome to today's blog post! We will delve into a critical subject: what happens when you receive an insecure app from a software development company. This article covers the essentials of cybersecurity and app development that every buyer of software should know.


As SaaS companies and startups flourish, outsourced and in-house development teams are on the rise, paving the way for innovative software products but also creating potential security threats.


Our discussion today is of utmost importance, especially for CEOs, CTOs, and founders who are in charge of their firm's digital protection. With a wide range of options at your disposal, it's crucial to understand the implications of working with an external team versus your in-house software development team.

Brief Understanding of an Insecure App

So, what exactly is an insecure app? In simple terms, it's a software product that has security vulnerabilities, making it susceptible to exploits and data breaches. These application vulnerabilities expose your business to a range of cyber threats and pose a substantial risk to your business goals.


Imagine a scenario where your mobile applications have application vulnerabilities. These can lead to common weaknesses such as unauthorised access to sensitive data or injection flaws, just to name a few. A business that uses such an app can experience financial loss, damage to its reputation, or worse, a complete shutdown.

Signs that Your Received App is Insecure

Discovering signs of an insecure app before any damage is done can save your company from potential data breaches. Key indicators of an insecure app include constant app crashes, unusual data usage and suspicious activity, among other red flags. These signs can point to the presence of malicious code in your source code. But in real life? Usually you find out about these weaknesses because your users (or hackers) tell you so.


Unfortunately, there are many real-world examples of companies suffering because of insecure applications. One common issue is the leakage of clients' email addresses caused by insecure API calls to your backend. It is common among companies that entrust their project development to unqualified developers or that work hastily.
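To make the "insecure API call" failure mode concrete, here is an added example (it is not code from the original post or from any vendor): a backend handler that returns a customer's email address for any customer id the caller asks for, beside the hardened version that checks the caller actually owns the record. The in-memory customer table, the user ids and the function names are all constructed assumptions for illustration.

```python
"""Added example (not from the original post): a backend API handler that leaks
clients' email addresses, beside its hardened form.

Everything here is constructed for illustration: the in-memory customer table,
the user ids and the function names are assumptions, not code from any real vendor.
"""
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass(frozen=True)
class Customer:
    customer_id: int
    owner_user_id: int  # the account that is allowed to read this record
    email: str


# Constructed sample data standing in for a backend database.
CUSTOMERS = {
    101: Customer(101, owner_user_id=1, email="alice@example.com"),
    102: Customer(102, owner_user_id=2, email="bob@example.com"),
}


def get_customer_email_vulnerable(caller_user_id: int, customer_id: int) -> Optional[str]:
    """Handler as a hasty developer might write it: the caller is authenticated,
    but nothing ties the requested customer id to the caller's own account, so
    every authenticated user can read every customer's email address."""
    customer = CUSTOMERS.get(customer_id)
    return customer.email if customer else None


def get_customer_email_secure(caller_user_id: int, customer_id: int) -> Optional[str]:
    """Same endpoint with object-level authorization: the record is returned only
    to the account that owns it. Unknown ids and foreign ids both yield None so
    the response does not reveal which ids exist."""
    customer = CUSTOMERS.get(customer_id)
    if customer is None or customer.owner_user_id != caller_user_id:
        return None
    return customer.email


def count_foreign_records_exposed(
    handler: Callable[[int, int], Optional[str]], caller_user_id: int
) -> int:
    """Quick check a reviewer can run against a handler: how many records that
    the caller does not own come back when every known id is requested.
    Anything above zero is a data-leak finding."""
    return sum(
        1
        for cid, record in CUSTOMERS.items()
        if record.owner_user_id != caller_user_id
        and handler(caller_user_id, cid) is not None
    )


if __name__ == "__main__":
    for name, handler in (
        ("vulnerable", get_customer_email_vulnerable),
        ("secure", get_customer_email_secure),
    ):
        leaked = count_foreign_records_exposed(handler, caller_user_id=1)
        print(f"{name} handler exposes {leaked} foreign record(s) to user 1")
```

The review helper at the bottom is the kind of check a consultant or in-house reviewer can run against each data-returning endpoint: call it as a user who owns only some records and count what comes back that should not. The fix is a one-line ownership comparison, which is exactly why this class of defect is so cheap to prevent and so expensive to discover after launch.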



Similarly, businesses that ignore regular application security testing can find their sensitive information in the wrong hands. Whether you have an internal team or work with an outsourcing partner, it's essential to conduct dynamic application security testing or static application security testing to avoid such a situation.

Immediate Steps to Take After Discovering You Have Received an Insecure App

If you've discovered that you have received an insecure app, some immediate actions to undertake include contacting the development shop and your in-house team (or guy) responsible for security, isolating the problematic app, and initiating a swift response. The immediate response should be "damage control"; this sometimes means switching the app or function off until you come up with a permanent solution.


I am sorry to say, but fighting with the vendor and trying to bring them to court usually will not do any good. You need a fast reaction, and they know the code best, so they will be able to fix it faster as well.


In case you don't have any technical skill or security knowledge inside your team, you should consider contacting another trusted software house for consulting and help. This may be a freelance developer, but be wary of the quality of their expertise. It usually comes with a price.

Preventing a Recurrence

Avoiding a recurrence involves several guidelines every organisation should follow. Regarding development teams, consider working with a dedicated development team from your trusted and experienced software vendor. Yes, this is easier said than done, but taking this approach to software development provides complete control and a more extensive talent pool to guide the process. It is very likely that a good vendor will have cybersecurity specialists on their team, and it is very expensive to hire them directly (and keep them on the team for longer).



Indeed, prevention is better than cure. To prevent a repeat of such a security error, you should prioritise security from the first phase of the application development process. Be it in Eastern Europe or Central Europe, a software house's location shouldn't stop you from achieving this. Software houses in these regions offer a broad range of services you can tap into.


If application security seems overwhelming, consider hiring a consultant or building an internal IT team that can manage security features. By having an expert team to conduct threat modeling, interactive application security testing, business logic review, and API security, you can minimise the risks associated with an insecure app.


It may also be a good idea to reconsider your project management methodology. If you are not working with any framework yet, try looking into Agile, Scrum and DSDM for inspiration and solutions.

Strengthening Current App Security

Strengthening your current app security does not have to be an uphill task. Practical steps range from using application security tools and conducting regular code reviews to running security tests. This way, you can take control and maintain a robust and secure application.


Managing and consistently updating an application’s security features can ensure a robust defence against potential cyber threats. This includes maintaining application firewalls and spam filters, among other security tools, utilising a hybrid approach as necessary.


Working with competent and qualified developers, either in-house or outsourced, can also contribute to strengthening an app's security. Such developers bring a pool of talent to the table and have clear knowledge of your business requirements.

Final thoughts

We have explored the detrimental effects of an insecure app, how to identify it, the immediate actions to take upon its discovery, and how to prevent such a situation from recurring. The importance of prioritising app security for CEOs, CTOs, and founders cannot be stressed enough. This will start with building a strong and candid relationship with whoever develops your software. I wrote more about this in this article: Why is it worth investing in a relationship with a software company?


Knowing how to strengthen current app security is also invaluable. After all, utmost protection of digital products is a continuous cycle (CI/CD). As long as your business operates in the digital realm, adhering to secure application measures should be your top priority.


So, as we conclude, let's ensure we incorporate these learnings in our strategies. Enhanced security approaches, transparent communication with our tech partners, and continuous learning are the paths to a secure digital future.
