Abstract

The COVID-19 pandemic has significantly increased the usage of mobile applications across various industries, leading development teams to prioritise security throughout the software development lifecycle. Given the complexity of secure mobile application development, teams use a variety of approaches to integrate security into a secure software development framework. A secure software development framework is structured into multiple phases and activities that guide development teams in creating secure mobile applications. These phases and activities enable teams to build the application incrementally, focusing on security at each step. Several secure development frameworks are available, including the Secure Software Development Lifecycle (S-SDLC), Secure Agile, and DevSecOps, each providing a framework for integrating security practices throughout the software development lifecycle.

There is a lack of clear guidance for software developers in ensuring the security of mobile applications. Traditionally, development teams rely on a combination of established software development best practices, team expertise, and informal processes accumulated over the years. Frameworks like OWASP, NIST, and MITRE ATT&CK, along with approaches like DevSecOps, can serve as solid foundations for embedding security in mobile application development. As software developers decide how and when various guidelines, standards and practices are applied to the different stages of the development life cycle, ad-hoc approaches emerge, leading to potential vulnerabilities in various stages of the development life cycle. While software development frameworks and best practices contribute to implementing technical security measures, they fail to address crucial aspects such as ensuring a team with security skills, standardised approaches to implement security for mobile applications and fostering collaboration across different companies. Ideally, the secure development of mobile applications requires a dedicated software development framework tailored to the specific security needs of mobile applications.

The research conducted in this thesis proposes a secure software development framework for mobile applications called Londoloza. The Londoloza framework stipulates phases and activities to assist development teams in creating secure mobile applications. The framework also provides various unique documents to assist organisations and development teams. In conclusion, an expert evaluation affirms that the Londoloza framework successfully meets the research objective, attesting to its effectiveness and alignment with the intended goals.

Details

1010268
Title: Londoloza : A Secure Software Development Framework for Mobile Applications
Number of pages: 286
Publication year: 2024
Degree date: 2024
School code: 2140
Source: DAI-A 87/4(E), Dissertation Abstracts International
ISBN: 9798297665637
University/institution: University of Johannesburg (South Africa)
University location: South Africa
Degree: Ph.D.
Source type: Dissertation or Thesis
Language: English
Document type: Dissertation/Thesis
Dissertation/thesis number: 32292919
ProQuest document ID: 3266812826
Document URL: https://www.proquest.com/dissertations-theses/londoloza-secure-software-development-framework/docview/3266812826/se-2?accountid=208611
Copyright: Database copyright ProQuest LLC; ProQuest does not claim copyright in the individual underlying works.
Database: ProQuest One Academic