Skill Profile

Mobile Security

Certificate pinning, obfuscation, keychain/keystore, biometrics, secure storage

Mobile Development General Mobile Practices

Roles

where this skill appears

Levels

structured growth path

Mandatory requirements

the other 8 optional

Domain

Mobile Development

Group

General Mobile Practices

Last updated

3/17/2026

How to Use

Choose your current level and compare expectations. The items below show what to cover to advance to the next level.

What is Expected at Each Level

The table shows how skill depth grows from Junior to Principal. Click a row to see details.

Role	Required	Description
Android Developer		Uses Mobile Security at a basic level. Creates simple screens from design. Understands the application lifecycle.
Flutter Developer		Uses Mobile Security at a basic level in Flutter 3. Creates simple screens from designs. Understands the application lifecycle.
iOS Developer		Understands iOS Keychain for secure credential storage. Follows App Transport Security (ATS) requirements. Applies basic data protection APIs for file encryption at rest.
React Native Developer		Applies basic mobile security practices in React Native apps. Uses secure storage libraries instead of AsyncStorage for sensitive data. Understands platform-specific security boundaries.

Role	Required	Description
Android Developer		Implements Android security best practices including EncryptedSharedPreferences and certificate pinning. Configures ProGuard/R8 obfuscation rules. Handles biometric authentication with BiometricPrompt API.
Flutter Developer		Independently implements complex screens with Mobile Security in Flutter 3. Optimizes performance and memory consumption.
iOS Developer		Implements iOS security hardening including jailbreak detection and SSL pinning. Configures data protection classes for sensitive files. Integrates biometric authentication using LocalAuthentication framework.
React Native Developer		Independently implements complex screens with Mobile Security. Optimizes performance and memory consumption.

Role	Required	Description
Android Developer	Required	Implements Android application security: data encryption via EncryptedSharedPreferences and EncryptedFile, certificate pinning via OkHttp CertificatePinner, reverse engineering protection through ProGuard/R8 obfuscation. Configures biometric authentication via BiometricPrompt API, implements secure token storage in Android Keystore, audits dependencies for vulnerabilities.
Flutter Developer	Required	Designs mobile app architecture with Mobile Security. Optimizes performance for low-end devices. Implements CI/CD for mobile development. Mentors the team.
iOS Developer	Required	Ensures iOS application security: secret storage in Keychain, data encryption via CryptoKit, SSL Pinning for network requests. Implements biometric authentication via LocalAuthentication (Face ID/Touch ID), device jailbreak status verification. Configures App Transport Security and Content Security Policy.
React Native Developer	Required	Implements security best practices in React Native — token storage in Keychain/Keystore, certificate pinning, code obfuscation with Hermes. Implements biometric authentication, data encryption in MMKV. Conducts security audits of dependencies and native modules.

Role	Required	Description
Android Developer	Required	Defines security standards for the Android team's applications: OWASP MASVS compliance checklist, security review processes for each release, secrets management strategy (API keys, signing keys). Implements SafetyNet/Play Integrity API for attestation, configures Network Security Config, trains the team on protecting against typical attacks — MITM, injection, data leakage.
Flutter Developer	Required	Defines mobile application architecture. Establishes development standards. Conducts architectural reviews and defines the technical roadmap.
iOS Developer	Required	Architects iOS application security: multi-layer data protection via Data Protection API, Secure Enclave for cryptographic keys. Implements runtime protection: code obfuscation, anti-tampering checks, certificate pinning with fallback strategy. Manages security audit and compliance with GDPR and App Store Review Guidelines.
React Native Developer	Required	Defines the security strategy for the team's mobile apps. Establishes guidelines — secure storage, network security, jailbreak/root detection. Coordinates penetration testing and compliance audits. Implements security scanning in the CI/CD pipeline for React Native projects.

Role	Required	Description
Android Developer	Required	Shapes the organization's Android platform security strategy: zero-trust architecture for mobile applications, data encryption standards at-rest and in-transit, incident response protocols. Designs compliance solutions (GDPR, PCI DSS on mobile), defines penetration testing processes, manages bug bounty program for mobile applications.
Flutter Developer	Required	Defines mobile strategy at the organizational level. Evaluates cross-platform vs native approaches. Shapes platform solutions.
iOS Developer	Required	Defines security strategy for the iOS platform: mobile application threat modeling, security architecture review, and penetration testing. Develops custom security frameworks: zero-trust on-device architecture, end-to-end encryption with Device Check and App Attest. Coordinates with Apple Security for entitlements.
React Native Developer	Required	Shapes the enterprise mobile application security strategy. Defines security architecture — OWASP MASVS compliance, MDM integration. Coordinates security processes between mobile and backend teams. Designs secure SDLC for React Native development across the organization.

Junior 4 requirements

Android Developer

Uses Mobile Security at a basic level. Creates simple screens from design. Understands the application lifecycle.
Flutter Developer

Uses Mobile Security at a basic level in Flutter 3. Creates simple screens from designs. Understands the application lifecycle.
iOS Developer

Understands iOS Keychain for secure credential storage. Follows App Transport Security (ATS) requirements. Applies basic data protection APIs for file encryption at rest.

Middle 4 requirements

Android Developer

Implements Android security best practices including EncryptedSharedPreferences and certificate pinning. Configures ProGuard/R8 obfuscation rules. Handles biometric authentication with BiometricPrompt API.
Flutter Developer

Independently implements complex screens with Mobile Security in Flutter 3. Optimizes performance and memory consumption.
iOS Developer

Implements iOS security hardening including jailbreak detection and SSL pinning. Configures data protection classes for sensitive files. Integrates biometric authentication using LocalAuthentication framework.

Senior 4 requirements

Android Developer
Required

Implements Android application security: data encryption via EncryptedSharedPreferences and EncryptedFile, certificate pinning via OkHttp CertificatePinner, reverse engineering protection through ProGuard/R8 obfuscation. Configures biometric authentication via BiometricPrompt API, implements secure token storage in Android Keystore, audits dependencies for vulnerabilities.
Flutter Developer
Required

Designs mobile app architecture with Mobile Security. Optimizes performance for low-end devices. Implements CI/CD for mobile development. Mentors the team.
iOS Developer
Required

Ensures iOS application security: secret storage in Keychain, data encryption via CryptoKit, SSL Pinning for network requests. Implements biometric authentication via LocalAuthentication (Face ID/Touch ID), device jailbreak status verification. Configures App Transport Security and Content Security Policy.

Lead / Staff 4 requirements

Android Developer
Required

Defines security standards for the Android team's applications: OWASP MASVS compliance checklist, security review processes for each release, secrets management strategy (API keys, signing keys). Implements SafetyNet/Play Integrity API for attestation, configures Network Security Config, trains the team on protecting against typical attacks — MITM, injection, data leakage.
Flutter Developer
Required

Defines mobile application architecture. Establishes development standards. Conducts architectural reviews and defines the technical roadmap.
iOS Developer
Required

Architects iOS application security: multi-layer data protection via Data Protection API, Secure Enclave for cryptographic keys. Implements runtime protection: code obfuscation, anti-tampering checks, certificate pinning with fallback strategy. Manages security audit and compliance with GDPR and App Store Review Guidelines.

Principal 4 requirements

Android Developer
Required

Shapes the organization's Android platform security strategy: zero-trust architecture for mobile applications, data encryption standards at-rest and in-transit, incident response protocols. Designs compliance solutions (GDPR, PCI DSS on mobile), defines penetration testing processes, manages bug bounty program for mobile applications.
Flutter Developer
Required

Defines mobile strategy at the organizational level. Evaluates cross-platform vs native approaches. Shapes platform solutions.
iOS Developer
Required

Defines security strategy for the iOS platform: mobile application threat modeling, security architecture review, and penetration testing. Develops custom security frameworks: zero-trust on-device architecture, end-to-end encryption with Device Check and App Attest. Coordinates with Apple Security for entitlements.

Community

👁 Watch ✏️ Suggest Change

Loading comments...