Mobile App Security
Mobile applications are the preferred method for people and enterprises to gain access to critical services. They are also a key management tool for the Internet of Things (IoT). This means that sensitive personal and business information can be improperly accessed, stored and managed on a growing range of devices. Inside Secure provides security solutions so mobile app developers can effectively protect their applications.
Mobile application: The backdoor for hackers
Mobile applications are quickly proving to be the most effective method for connecting to critical services, and they are being used as a management tool in the context of the "Internet of Things" (IoT). Personal and business information is accessible, stored and handled on a broad range of devices.
Criminals are aware of the value of this data – which affects a wide range of industries and sectors. These criminals are intelligent and highly resourceful and able to exploit weaknesses in platforms, operating systems and applications.
Research suggests that as many as half of mobile app users do not take any steps to protect their devices, even when aware of the risks, and so-called operating system defenses are easily broken down.
Markets linked to the future adoption and growth of the Internet of Things that are at risk include:
- Mobile Health
- Mobile Enterprise & BYOD
- Automotive Management and Security
- Mobile ID and Government systems
- Home Automation and Security
- IoT devices and networks
Application developers should always assume that their applications will be running on devices that have been - or will be - compromised and make sure applications can protect themselves.
Contrary to popular understanding, afterthought solutions to protect apps, such as wrappers, malware detection and root detection, do not work on these highly varied mobile platforms and are impossible to apply to embedded IoT devices.
There are several reasons for this:
- such detections work on a blacklist model - they search for known problems. This makes it an arms race and one the hackers are winning simply by using unknown and unanticipated techniques.
- users react badly to applications forcing restrictions on how they can use their phone - some users legitimately want to “root” their phone, others do not want to be made to install anti-virus software.
- technology developed for server or desktop networks and applications is rarely transferable to highly open devices like smartphones or to restricted instances such as IoT devices.
Security at an early stage in the design process
To protect employers and users, mobile application developers need to consider security early in the development process. To do that, they need to ensure that the following have been applied to their applications to secure them from any potential leak of sensitive data:
- Code integrity checks: prevent any unauthorized changes to the mobile app.
- Code obfuscation: hides critical and sensitive portions of a mobile app.
- Whitebox cryptography: enables secure encryption and data storage on any platform.
- Processor native code: provides a solid foundation from which to build the security layers.
Inside Secure delivers Core (Integrity Check System, Obfuscation) and WhiteBox (WhiteBox toolkit), combining these techniques into a comprehensive package of a Software Secure Element (SSE) that has been deployed in more than 400 million mobile applications to secure Mobile Financial, Entertainment and Mobile Payments services. These applications are regularly subjected to extensive penetration and attack testing by external security labs.