Research suggests that half of mobile users do not take any steps to protect their devices, even when aware of the risks; and so-called operating system defenses are easily broken down. Mobile application developers need to be aware of this and should always assume that the devices their applications are running on have been - or will be - compromised and act accordingly.
Trust is key to this market. Numerous consumer surveys have suggested that security is the Number One concern for customers contemplating using their own mobile device to conduct Financial Transactions or to use Mobile Payment services (Contactless and in-app mPayments).
Unless the software managing these processes and the authentication on which they depend are able to operate safely regardless of the device state; compromises to the OS, Jailbreaking or Rooting and other platform vulnerabilities will allow illicit access to apparently secure apps and thus to Consumer and Corporate Data.
The traditional approach to securing mobile applications has been to rely on legacy perimeter defences - the Financial Institutions IT systems - despite the fact that the mobile application provides a path straight through those defences. Banks which have realised the weakness of Mobile Platforms have used legacy technologies (such as Root Detection or simple obfuscation) in an attempt to “protect” their applications. While offering some information and risk understanding, these technologies are quickly circumvented and cannot be relied upon.
The solution is to make mobile applications self-defending. Using strong binary protection and anti-tampering techniques as the foundation on which other security layers can be built. This allows the applications to run securely even when the underlying device has been compromised.
Inside Secure provides a powerful toolset to harden mobile applications, protecting the data and algorithms within. Financial Institutes are using Inside Secure's Core and WhiteBox technology to protect their mobile applications - both consumer m-banking applications and internal employee applications.
The unique automated nature of Inside Secure technology not only ensures that all developers can protect every app they create, the ability for Inside Secure to protect shared pre-compiled libraries (that can be supplied as an SDK) allows for components to be built once and shared across multiple development teams.
Inside Secure is your last line of defence and allows Enterprises, App Developers and IoT vendors to trust the only thing they can control - their own apps - protecting brand, reputation and customers.
Inside Secure delivers Core (Integrity Check System, Obfuscation) and WhiteBox (WhiteBox toolkit) combining these techniques into a comprehensive package of a Software Secure Element (SSE) that has been deployed in more than 400 million mobile applications to secure Mobile Financial, Entertainment and Mobile Payments services. These applications are regularly subjected to extensive penetration and attack testing by external security labs.