Mobile app security for retail apps

Mobile apps with an e-commerce component are increasingly targets of fraud and breaches. Protect your customers’ data with app shielding.

Keep sensitive customer data secure and protect your app’s integrity

When should retail providers consider application shielding for their mobile apps?

  • If the app carries sensitive data or can be used for transactions
  • If the app is public and published in a commercial app store
  • If a significant portion of the app’s software logic resides on the device

According to Verizon, 43% of companies report cutting corners when it comes to security – most often because of expediency and convenience. If retailers sacrifice security for speed, it can leave apps exposed to cybercriminals, which can result in significant business implications, loss of customer data, and ultimately loss of brand reputation.

Deep application security, with no impact on end-user experience

We know that user experience is the alpha and omega for retail apps. If your app is your most important revenue source, application security should be your top priority. However, some types of advanced security can slow down the app, which can be detrimental to user experience and thus negatively affect brand reputation and app store ratings.

Promon SHIELD™ offers deep app security, shielding the app both while at rest and during runtime, and has no impact on user experience. This means that you can offer your users the best data security on the market, while still enjoying a quick and responsive app.

Another advantage is our seamless and automated integration tool. You can install Promon SHIELD™ within a matter of minutes, giving your developers valuable time back to focus on shipping updates and innovating new features.

The most common threats against retail apps

  • Fraudulent use of payment card data
  • Account takeover
  • Malware, phishing, or man-in-the-middle attacks
  • Loss of unencrypted data

The consequences without proper app shielding

  • Loss of revenue and customers
  • Reputational damage to your brand and app store ratings
  • Costly fines from government due to failed compliance with regulations
  • Unplanned work disrupting release cycles will slow down innovation

How application shielding protects your retail app

Code obfuscation

Code obfuscation helps conceal the logic and purpose of an app’s code, while still keeping its functionality. Obfuscation makes it more difficult for an attacker to reverse engineer the app, analyze the code, and retrieve sensitive information.

Root- and jailbreak detection

Mobile device owners may root or jailbreak their device for perfectly innocent reasons, but running a retail app in such an environment makes the app vulnerable to rogue apps that could access the application, its data, credentials, and cryptographic keys. All apps should be able to detect a jailbroken or rooted device to protect themselves.

Emulator detection

Emulators allow applications to be run on a virtual device on computers and can be used to gain insight into how they function. Emulator detection prevents applications from being executed on virtual devices.

Anti-tampering mechanisms

Attackers might try to tamper with your app by asking users for sensitive information, installing rootkits and backdoors, or inserting malware that steals information. Anti-tampering detects unauthorized changes in the code by using techniques such as integrity checking, and triggers a defense response such as blocking access or shutting the app down.
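The integrity-checking idea described above, as an added, language-neutral sketch in Python; it is not Promon SHIELD™ code and does not describe how that product works. It assumes a build step that records a SHA-256 digest per packaged file and authenticates the list with an HMAC key; the file names, key, and response labels are constructed for the example, and a shipped app would more likely verify an asymmetric signature so that no secret ships in the package.

```python
import hashlib
import hmac
import json

def build_manifest(files: dict[str, bytes], key: bytes) -> dict:
    """Build step: record a SHA-256 digest per file and authenticate the list."""
    digests = {name: hashlib.sha256(data).hexdigest() for name, data in files.items()}
    body = json.dumps(digests, sort_keys=True).encode()
    return {"digests": digests, "mac": hmac.new(key, body, hashlib.sha256).hexdigest()}

def check_integrity(files: dict[str, bytes], manifest: dict, key: bytes) -> list[str]:
    """Runtime step: return a list of findings; an empty list means unmodified."""
    body = json.dumps(manifest["digests"], sort_keys=True).encode()
    expected_mac = hmac.new(key, body, hashlib.sha256).hexdigest()
    # Check the manifest first: a rewritten digest list would hide any edit.
    if not hmac.compare_digest(expected_mac, manifest["mac"]):
        return ["manifest: authentication failed"]
    findings = []
    for name, digest in sorted(manifest["digests"].items()):
        if name not in files:
            findings.append(f"{name}: missing")
        elif hashlib.sha256(files[name]).hexdigest() != digest:
            findings.append(f"{name}: modified")
    for name in sorted(set(files) - set(manifest["digests"])):
        findings.append(f"{name}: unexpected file")
    return findings

def respond(findings: list[str]) -> str:
    """Defense response named in the text: block access when tampering is found."""
    return "block_access" if findings else "allow"

# Constructed sample package contents and key (placeholders, not real app data).
KEY = b"constructed-demo-key"
ORIGINAL = {"classes.dex": b"dex checkout logic", "config.json": b'{"api": "https://shop.example"}'}
MANIFEST = build_manifest(ORIGINAL, KEY)

if __name__ == "__main__":
    tampered = dict(ORIGINAL)
    tampered["classes.dex"] = b"dex patched logic"  # changed code
    tampered["extra.so"] = b"\x7fELF"               # file added after the build
    for label, package in (("original", ORIGINAL), ("tampered", tampered)):
        result = check_integrity(package, MANIFEST, KEY)
        print(label, respond(result), result)
```
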

Secure Local Storage

Secure Local Storage is a security feature that lets app developers store app secrets, such as session tokens, personally identifiable information, API keys, and more, locally on the end-user device in a secure and encrypted manner, even if the device integrity is broken.

Keylogger and screen reader prevention

Keylogger software monitors and records every key pressed on an infected device’s keyboard. It then sends the recorded keystrokes to a remote location controlled by the attacker. In this way passwords, credit card details, and other valuable information can be extracted. With application shielding, user credentials, such as usernames, passwords, PINs, and other inputs are safe. Malware techniques are blocked and cannot spy on or capture user input using keylogging, screenshots, or screen reader techniques.

What our customers say

We’re using Promon SHIELD™ due to Promon’s outstanding services. We’ve been impressed by the support provided by their engineers, and how fast and easy the integration process is.

Paul Ruy

CTO, Blockware

We looked at a number of vendors, but chose Promon as all the staff we dealt with had deep knowledge of the product. We also got to speak directly with the members of Promon’s development team. Having direct access to developers at Promon allowed us to resolve problems quickly.

Keith Harrison

Head of software development, Nude

We especially liked Promon’s innovative approach to protecting the application instead of the whole system.

Jan Graffenberger

Head of development, Star Finanz