In-App Protection and Security for Mobile Apps

What are the risks involved when releasing an app?

Cybercriminals are targeting the mobile channel more aggressively than ever before, and app developers must take a proactive approach to app security to combat this new aggression. The number of mobile malware attacking users of mobile devices is increasing rapidly each year. At the same time, malicious apps continue to be distributed on 3rd party app stores and frequently slip under the radar on the official app stores.

Tackling the multi-faceted challenge of developing a successful mobile app is no easy feat, and developers must contend with pressures from every direction. It is imperative to get an app built, tested, and published as quickly as possible. However, in the rush to market, app security cannot be overlooked.

When releasing a mobile app, one cannot be sure who will download it or the conditions of the device on which the app will be used. If a device is compromised with mobile malware, then your app is at risk!

  • "75% of mobile applications would fail basic security tests." - GARTNER

Common security threats to your mobile apps

COMPROMISED DEVICES & MALICIOUS APPS

Malicious apps exist on the app stores waiting to be downloaded so they can steal personal information, inject malicious code into the mobile device or another app, or otherwise take advantage of an unsuspecting user.

Some users also compromise their devices on purpose in order to gain additional capabilities, like installing unauthorized apps. This is a popular occurrence on mobile platforms.

When a device is jailbroken/rooted, crucial security mechanisms like mandatory code signing and sandboxing are deactivated. They thereby break the security foundation on which apps otherwise can rely upon.

REPACKAGING OF APPS

Repackaging an app means that an attacker obtains a copy of the app from the distribution platform (Google Play Store or App Store), adds malicious functionality to it, and then re-distributes it to users who believe that they are using a legitimate app or the original app

CODE INJECTION

In order to gain control of an app, attackers will often inject code into the app process to control it from within. This can, for example, be used to read decrypted SSL/TLS communication or to intercept user input, e.g. passwords.

KEYLOGGERS & SCREEN READERS

iOS automatically records user input in a so-called keyboard cache in order to improve its auto-correction feature. This can lead to sensitive information being accessible.

Android offers its users the possibility to install custom software keyboards. These keyboards are naturally being informed about every input the user makes on it and can be used by an attacker as a keylogger.

Apps often display sensitive information that should not be easily ex-filtrated from the app. One easy way to extract information from an app is in the form of a screenshot or by a screen reader.

REVERSE ENGINEERING

Debuggers can be used during runtime of the app to extract sensitive information, alter the program flow and help attackers reverse engineer the app.

As with debuggers, emulators can be used to analyze an app to determine how it works and to extract sensitive information that is available while the app is executed.

OVERLAY ATTACKS

An overlay attack happens when an attacker places a window over a legitimate application on the device.

Users will interact with the window, thinking they are performing their intended function, but they are actually engaging with the attackers overlay window and executing the attacker’s desired function.

In-App Protection is crucial to preserve and improve your business reputation!

These attacks can have devastating consequences. User data can be stolen, putting businesses at risk of regulatory compliance violations and bad publicity. Financial fraud can be committed, resulting in lost revenue. And, of course, there’s the loss of customer and shareholder trust, all having the eventual impact of brand reputation. If the attack goes on long enough, a business could sustain irreparable damage.

About Promon SHIELD™

PROTECT

Impede attackers’ attempts to reverse-engineer and modify your app. Promon SHIELD™ makes it more difficult for attackers to spoof your app, tamper with its security controls or perform other nefarious activities.

Obfuscation (to prevent attackers to reach the code itself – as well as to prevent attackers from removing this very protection.)
App binding
Repackaging detection
App communication
TLS certificate pinning
Client authentication using a client-certificate
Identifying the app/device as an authentication factor
Store data encrypted inside the app
Binding the data to be encrypted to the device
Whitebox cryptography (additional feature)

DETECT

Monitor your mobile app’s runtime behavior. Detect whether the app is executing in an insecure environment such as on a rooted (Android) or jailbroken (iOS) device. Mitigate the risks of overlay attacks, debuggers, emulators, and other means by which attackers examine, penetrate, and compromise a mobile app.

Ensure app is running in safe environment
Debugger detection
Jailbreak / Root detection
Emulator detection
Ensure app is not altered or tampered with (e.g. by malware) at runtime
Checksum
Overlay Detection
Resource verification
Hook detection

REACT

Upon detecting malicious activity, an app protected by Promon SHIELD™ will modify its behavior in real time to interrupt potential attacks. Response actions include blocking execution of injected code, notifying security administrators, and terminating the infected app to stop the execution of a compromised app.

Shutdown (Exit / Fail)
Integrity checking
Custom reactions
Screenshot detection / blocking
Anti keylogging
Anti screenreading
Alert / reporting
Blocking external screens
Prevent brute force decryption of sensitive information
Easy deployment!

You can easily turn your apps into a self-protecting app. Your Android or iOS apps can be quickly uploaded and secured in minutes by using our integration tool, or an SDK that is easily integrated into the app. Once secured, the app is immediately ready for distribution via public app stores.

Easy deployment