Security software glossary

Vulnerable mobile devices and the prevalence of the Internet of Things (IoT) have created an urgent need for application hardening. By implementing hardening measures, you protect your apps against reverse engineering, tampering, and malware attacks

Read more about application hardening and the different methods of protecting your app. 

Application shielding should be your first line of defence when securing your apps. Key benefits include protection from the inside out, reduced risk of attacks, and real-time adjustments to stop potential attacks.

Learn more about how application shielding works and how it safeguards your application. 

App tampering refers to unauthorized modifications made to an application’s code or operational environment to alter its behavior, bypass security measures, or manipulate its functions. This can include changes to the application's binary, the injection of malicious code, or modifications to its runtime environment.

Learn more about app tampering.

Certificate pinning is a security technique that increases secure communication over the TLS (Transport Layer Security) protocol, like HTTPS. It ties a chosen TLS certificate or public key exclusively to the API server, allowing the application to reliably confirm the server's identity each time it connects.

Read more about certificate pinning and how it ensures an additional layer of security and server communication integrity.

Developers use code obfuscation techniques to prevent cybercriminals from decompiling and reverse engineering source code. There are various types of obfuscation techniques which when combined with runtime protection make your app safer.

Read more about how code obfuscation protects an app’s source code.

Device cloning is the unauthorized duplication of a mobile device's identity attributes used to create a copy of the original device. It allows malicious actors to impersonate the original device's owner, potentially leading to identity theft and fraud.

Learn more about device cloning.

Encryption converts your sensitive plaintext data into a coded ciphertext that can only be read by someone with the proper decryption key. This prevents unauthorized access and ensures that even if data is intercepted, it cannot be deciphered without the decryption key.

Read more about how encryption works and what makes an encryption algorithm strong.

Hooking frameworks let you intercept and modify a mobile application’s behavior at runtime. While commonly used for debugging, testing, and performance monitoring, they also come with significant risks if exploited.

Read more about hooking frameworks and how to mitigate associated risks.

Jailbreaking is the process of exploiting vulnerabilities in a device's software to remove manufacturer-imposed restrictions. This allows the user to gain root access to the operating system, enabling the installation of third-party applications, custom firmware, and other modifications not officially sanctioned by the device manufacturer.

Read more about jailbreaking.

Keylogging, short for "keystroke logging," is a method of secretly recording keystrokes made on a computer or other input device, like a keyboard. Malicious software use it to track and monitor user activity without their knowledge or consent to capture sensitive information.

Learn more about keylogging.

Malware is any malicious software designed to harm or exploit devices, often stealing sensitive information or disrupting services. On mobile platforms, it can take the form of ransomware, trojans, or spyware, making security measures essential.

Read more about how malware impacts mobile devices and how to stay protected.

A malware injection inserts malicious code into your apps to steal data and impact performance. Malicious actors inject malware by exploiting vulnerabilities, tampering app code, and using compromised development tools.

Read more about the signs and symptoms of an injection attack and the security measures to prevent malware injection into your apps.

As applications are progressively connected to the cloud and are available over various networks, they are increasingly vulnerable to security threats and breaches. The evolving cybersecurity landscape requires businesses to protect their apps from the inside out.

Read about mobile app security technologies and best practices.

Penetration testing simulates cyberattacks to identify vulnerabilities before attackers can exploit them. It helps strengthen the security of mobile apps and systems by assessing how they can be breached and provides actionable insights for fixing weaknesses.

Read more about how penetration testing enhances mobile app security.

Repackaging a mobile app is the malicious practice of modifying legitimate apps to include harmful elements like malware. It involves accessing the app's source code, inserting malicious code, and redistributing.

Find out more about repackaging, if iOS apps are less susceptible to this than Android apps, and how you can prevent your app from being repackaged.

Security researchers reverse engineer code to map security risks, understand malicious applications and disrupt them. Researchers are not the only ones doing this. Bad actors also want to find flaws and vulnerabilities through reverse engineering. Potential impacts include intellectual property theft, reputational damage, identity theft, and compromised backend systems.

Learn more about reverse engineering techniques and how to protect your mobile apps. 

Rooting refers to gaining root access or administrative privileges on an Android device, like access to commands, system files, and folder locations usually locked off. This allows users to overcome limitations imposed by the device manufacturers or carriers, enabling the modification of system settings and installation of apps that require root access. Rooting can enhance device functionality but also poses significant security risks.

Read more about rooting.

One way of dealing with cyber threats is to let your apps protect themselves. By using runtime protection, your apps can surround themselves with a shield that identifies and blocks cyberattacks in real-time.

Read more about how runtime application self-protection makes your apps protect themselves. 

Sideloading allows you to install apps from sources outside the official app stores, bypassing security checks. While it gives you access to apps not available in your region, it also increases the risk of malware and other security threats.

Read more about how sideloading affects your device’s security.

Software development kits (SDKs) are toolsets that help developers create apps on platforms like iOS or Android. They provide building blocks, like code libraries and API interfaces to integrate native device functionalities and third-party services.

Read more about what is an SDK, its components and how to secure it.

Tokenization involves taking a piece of sensitive data and replacing it with a randomly generated string, called a token. This token has no relation to the original data outside of the secure tokenization system.

Read more about how tokens are generated and how tokenization can help protect your apps.

Every application that processes encrypted information uses cryptographic keys to decrypt and encrypt incoming and outgoing data. Hackers can easily lift unprotected keys through reverse engineering, memory analysis, side-channel attacks, and other techniques. This is where white-box cryptography comes in.

Read more about how white-box cryptography technology embeds secret keys.