Application Protection and Security for Mobile Apps

What are the risks involved when releasing an app?

Unfortunately, not everyone who downloads your app has good intentions. In fact, some people have decidedly malicious intentions, and you won’t know that your app is in harm’s way until the damage is done. Public app stores are a veritable playground for attackers!

By starting with a debugger, attackers can reverse engineer virtually any app they download from a public app store. This allows attackers to determine how an application runs and do any number of things to wreak havoc.

For example, they can insert code into the application that enables them to steal user credentials, and then trick users into downloading and installing the modified version.

"75% of mobile applications would fail basic security tests." - GARTNER

Common security threats to your mobile apps

COMPROMISED DEVICES

Some users compromise their devices on purpose in order to gain additional capabilities, like installing unauthorized apps. This is a popular occurrence on mobile platforms.

When a device is jailbroken/rooted, crucial security mechanisms like mandatory code signing and sandboxing are deactivated. They thereby break the security foundation on which apps otherwise can rely upon.

REPACKAGING OF APPS

Repackaging an app means that an attacker obtains a copy of the app from the distribution platform (Google Play Store or App Store), adds malicious functionality to it, and then re-distributes it to users who believe that they are using a legitimate app or the original app

CODE INJECTION

In order to gain control of an app, attackers will often inject code into the app process to control it from within. This can, for example, be used to read decrypted SSL/TLS communication or to intercept user input, e.g. passwords.

KEYLOGGERS & SCREEN READERS

iOS automatically records user input in a so-called keyboard cache in order to improve its auto-correction feature. This can lead to sensitive information being accessible.

Android offers its users the possibility to install custom software keyboards. These keyboards are naturally being informed about every input the user makes on it and can be used by an attacker as a keylogger.

Apps often display sensitive information that should not be easily ex-filtrated from the app. One easy way to extract information from an app is in the form of a screenshot or by a screen reader.

REVERSE ENGINEERING

Debuggers can be used during runtime of the app to extract sensitive information, alter the program flow and help attackers reverse engineer the app.

As with debuggers, emulators can be used to analyze an app to determine how it works and to extract sensitive information that is available while the app is executed.

OVERLAY ATTACKS

An overlay attack happens when an attacker places a window over a legitimate application on the device.

Users will interact with the window, thinking they are performing their intended function, but they are actually engaging with the attackers overlay window and executing the attacker’s desired function.

App Shielding is crucial to preserve and improve your business reputation!

These attacks can have devastating consequences. User data can be stolen, putting businesses at risk of regulatory compliance violations and bad publicity. Financial fraud can be committed, resulting in lost revenue. And, of course, there’s the loss of customer and shareholder trust, all having the eventual impact of brand reputation. If the attack goes on long enough, a business could sustain irreparable damage.

About Promon SHIELD™

PROTECT

Impede attackers’ attempts to reverse-engineer and modify your app. Promon SHIELD™ makes it more difficult for attackers to spoof your app, tamper with its security controls or perform other nefarious activities.

Obfuscation (to prevent attackers to reach the code itself – as well as to prevent attackers from removing this very protection.)

App binding

Repackaging detection

App communication

TLS certificate pinning

Client authentication using a client-certificate

Identifying the app/device as an authentication factor

Store data encrypted inside the app

Binding the data to be encrypted to the device

Whitebox cryptography (additional feature)

DETECT

Monitor your mobile app’s runtime behavior. Detect whether the app is executing in an insecure environment such as on a rooted (Android) or jailbroken (iOS) device. Mitigate the risks of overlay attacks, debuggers, emulators, and other means by which attackers examine, penetrate, and compromise a mobile app.

Ensure app is running in safe environment

Debugger detection

Jailbreak / Root detection

Emulator detection

Ensure app is not altered or tampered with (e.g. by malware) at runtime

Checksum

Overlay Detection

Resource verification

Hook detection

REACT

Upon detecting malicious activity, an app protected by Promon SHIELD™ will modify its behavior in real time to interrupt potential attacks. Response actions include blocking execution of injected code, notifying security administrators, and terminating the infected app to stop the execution of a compromised app.

Shutdown (Exit / Fail)

Integrity checking

Custom reactions

Screenshot detection / blocking

Anti keylogging

Anti screenreading

Alert / reporting

Blocking external screens

Prevent brute force decryption of sensitive information

Easy deployment!

You can easily turn your apps into a self-protecting app. Your Android or iOS apps can be quickly uploaded and secured in minutes by using our integration tool, or an SDK that is easily integrated into the app. Once secured, the app is immediately ready for distribution via public app stores.

Get a Free demo