Rhino Security Labs


Prevent an embarrassing mobile app breach

Preventing a Mobile App Breach

News over the last year has been filled with stories of mobile applications leaking customer information and exposing businesses to lawsuits and bad PR. When a mobile app reaches critical mass and winds up on millions of phones around the world, these types of breaches can cost a business serious money.

If you’re developing an app independently or working on a corporate development team, it’s a good idea to have someone test the security of what you’re about to release into the wild.

Vulnerability Assessments

Secure code reviews

Secure code reviews are a good way to check your app for security problems before release. While your dev team may have caught most vulnerabilities in testing and through using coding best practices, there still may be some significant security holes.

Having another set of eyes that’s entirely focused on security review the code before launch could save you from major problems down the road.

Sometimes the feedback is as obvious as “Does your app really need to upload the user’s contact info back to your server?” The need might be legitimate, but it might also be something that just got overlooked or needs to be thought through further, so that your app doesn’t repeat the user backlash Path ran into.

Someone asking the obvious question of “Why are you storing passwords in clear text?” may have prevented Starbucks’ embarrassing revelation that its mobile app had potentially exposed the usernames and passwords of millions of users.

The point is, no matter how good you are as a developer, it always helps to have outside review.
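As an added illustration of the kind of check a secure code review can automate (this is not code from the page or from Rhino Security Labs), the script below flags the plaintext-credential storage pattern discussed above in a constructed Android-style source excerpt; the sample source, the pattern lists and the `secureStore` name are assumptions.

```python
import re

# Constructed Android-style excerpt (not from any real app): the first lines
# show the pattern a reviewer should flag, the last line the hardened form.
SAMPLE_SOURCE = """\
SharedPreferences prefs = getSharedPreferences("login", MODE_PRIVATE);
prefs.edit().putString("username", user).apply();
prefs.edit().putString("password", pwd).apply();           // plaintext
FileOutputStream f = openFileOutput("creds.txt", MODE_WORLD_READABLE);
f.write(pwd.getBytes());
// fixed: keep only a short-lived session token in Keystore-backed storage
secureStore.putString("session_token", token);
"""

# Names and sinks a reviewer would look for; assumed lists, extend as needed.
CREDENTIAL_KEY = re.compile(r'"(password|passwd|pwd|secret|api_key)"', re.I)
CREDENTIAL_VAR = re.compile(r'\b(password|passwd|pwd|secret)\b', re.I)
PLAINTEXT_SINK = re.compile(r'\b(putString|write|println|Log\.\w)\s*\(')
WORLD_READABLE = re.compile(r'MODE_WORLD_(READABLE|WRITEABLE)')
SECURE_STORE = re.compile(r'\bsecureStore\b|EncryptedSharedPreferences')


def review(source: str):
    """Return (line_no, reason) for every line a code reviewer should question."""
    findings = []
    for n, line in enumerate(source.splitlines(), 1):
        code = line.split("//")[0]          # ignore trailing comments
        if SECURE_STORE.search(code):
            continue                        # assumed hardened storage sink
        if PLAINTEXT_SINK.search(code) and (
            CREDENTIAL_KEY.search(code) or CREDENTIAL_VAR.search(code)
        ):
            findings.append((n, "credential written to plaintext storage or log"))
        if WORLD_READABLE.search(code):
            findings.append((n, "file created world-readable"))
    return findings


if __name__ == "__main__":
    for line_no, reason in review(SAMPLE_SOURCE):
        print(f"line {line_no}: {reason}")
```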

Penetration testing

The more complex your app is and the more it relies on server-side technology and other components, the more risk you have of a data breach. Penetration testing of both the mobile application and its web components is a good way to make sure you’re not shipping an app full of security holes.

While testing one piece of the application stack has its benefits, testing the entire stack is even more helpful and might identify issues with ancillary software that no one even thought to look at.

Your mobile app may be rock solid, but a chink in the armor of an Apache plugin or some other software may make the security of the actual app a moot point.

Investing a little money in testing and review before launch may save you from having to pay out big bucks and issue mass apologies later on.