Application Protection and Security for Mobile Apps

What are the risks involved when releasing an app?

Unfortunately, not everyone who downloads your app has good intentions. In fact, some people have decidedly malicious intentions, and you won’t know that your app is in harm’s way until the damage is done. Public app stores are a veritable playground for attackers!

By starting with a debugger, attackers can reverse engineer virtually any app they download from a public app store. This allows attackers to determine how an application runs and do any number of things to wreak havoc.

For example, they can insert code into the application that enables them to steal user credentials, and then trick users into downloading and installing the modified version.

  • "75% of mobile breaches will be traced to mobile apps by 2017" - GARTNER

Common security threats to your mobile apps

COMPROMISED DEVICES

Users compromising their devices on purpose in order to gain additional capabilities like installing unauthorized apps, is a popular occurrence on mobile platforms.

When a device is jailbroken/rooted, crucial security mechanisms like mandatory code signing and sandboxing are deactivated, and thereby breaking the security foundation on which apps otherwise can rely upon.

REPACKAGING OF APPS

Repackaging an app means that an attacker obtains a copy of the app from the distribution platform (Google Play Store or App Store), adds malicious functionality to it, and then re-distributes it to users who believe that they are using a legitimate app or the original app

CODE INJECTION

In order to gain control of an app, attackers will often inject code into the app process to control it from within. This can, for example, be used to read decrypted SSL/TLS communication or to intercept user input, e.g. passwords.

KEYLOGGERS & SCREEN READERS

iOS automatically records user input in a so-called keyboard cache in order to improve its auto-correction feature. This can lead to sensitive information being accessible.

Android offers its users the possibility to install custom software keyboards. These keyboards are naturally being informed about every input the user makes on it and can be used by an attacker as a keylogger.

Apps often display sensitive information that should not be easily ex-filtrated from the app. One easy way to extract information from an app is in the form of a screenshot or by a screen reader.

 

REVERSE ENGINEERING

Debuggers can be used during runtime of the app to extract sensitive information, alter the program flow and help attackers reverse engineer the app.

As with debuggers, emulators can be used to analyze an app to determine how it works and to extract sensitive information that is available while the app is executed.

 

OVERLAY ATTACKS

An overlay attack happens when an attacker places a window over a legitimate application on the device.

Users will interact with the window, thinking they are performing their intended function, but they are actually engaging with the attackers overlay window and executing the attacker’s desired function.

App Shielding is crucial to preserve and improve your business reputation!

These attacks can have devastating consequences. User data can be stolen, putting businesses at risk of regulatory compliance violations and bad publicity. Financial fraud can be committed, resulting in lost revenue. And, of course, there’s the loss of customer and shareholder trust, all having the eventual impact of brand reputation. If the attack goes on long enough, a business could sustain irreparable damage.

About Promon SHIELD™

PROTECT

Impede attackers’ attempts to reverse-engineer and modify your app. With strong encryption and code obfuscation, Promon SHIELD™ render your apps’ code useless to miscreants – making it more difficult for them to spoof your app, tamper with its security controls or perform other nefarious activities.

Code obfuscation
App binding
Repackaging detection
App communication
TLS certificate pinning
Client authentication using a client-certificate
Identifying the app/device as an authentication factor
Store data encrypted inside the app
Binding the data to be encrypted to the device
Whitebox cryptography
App Management Solution
Trusted binding between a user, an app and the device
Making the app trusted without external security tokens
Registration / activation – securely pair the app / device with the user.

DETECT

Monitor your mobile app’s runtime behavior. Detect whether the app is executing in an insecure environment such as on a rooted (Android) or jailbroken (iOS) device. Mitigate the risks of overlay attacks, debuggers, emulators, and other means by which attackers examine, penetrate, and compromise a mobile app.

Ensure app is running in safe environment
Debugger detection
Jailbreak / Root detection
Emulator detection
Ensure app is not altered or tampered with (e.g. by malware) at runtime
Checksum
Overlay Detection
Resource verification
Hook detection

REACT

Upon detecting malicious activity, an app protected by Promon SHIELD™ will modify its behavior in real time to interrupt potential attacks. Response actions include blocking execution of injected code, notifying security administrators, and terminating the infected app to stop the execution of a compromised app.

Shutdown (Exit / Fail)
Integrity checking
Custom reactions
Screenshot detection / blocking
Anti keylogging
Anti screenreading
Alert / reporting
Blocking external screens
Prevent brute force decryption of sensitive information
Easy deployment!

You can easily turn your apps into a self-protecting app. Your Android or iOS apps can be quickly uploaded and secured in minutes by using our integration tool, or an SDK that is easily integrated into the app. Once secured, the app is immediately ready for distribution via public app stores.

Easy deployment