The BSI security requirements for eHealth apps make up a useful checklist for both CISOs and developers. App shielding helps you comply with the requirements.

The German Federal Office for Information Security’s (BSI’s) security requirements for eHealth apps are designed to assist developers in developing secure mobile apps. It identifies pressing cybersecurity risks, and recommends organisational security measures to address these. The risks include, amongst others, the possibility of identifying unprotected data structures by means of reverse engineering, unauthorised access to sensitive data, and insufficiently encrypted data transfers.

The publication divides security objectives into 11 categories. Here’s an excerpt from the required list of measures:

• Security functions must always be implemented, both in the app and in the backend, as well as on all external interfaces and API endpoints
• Apps must implement strong measures against reverse engineering, and may use obfuscation measures such as code obfuscation and string encryption
• Apps must identify rooted or jailbroken devices, and respond appropriately
• App source code must be protected from unlawful alterations
• Apps must reliably detect and prevent starting in a debug environment
• All sensitive data must be stored in an encrypted form, and in an environment that’s protected against access and tampering

App shielding aids compliance with the BSI requirements

A comprehensive app shielding solution helps you comply with many of the BSI requirements. The multi-layered protection mechanisms of app shielding safeguard sensitive data, protect your code, and importantly, also offer protection against runtime cyberattacks. 

Protection and storage of sensitive data, such as patient data, encryption keys or backend API keys, requires state-of-the-art technology. With an app shielding solution, and security features like Secure Local Storage (SLS), sensitive app data is protected against static attacks on user devices, or within the app itself. App shielding also protects your code, and prevents your app from being reverse engineered, repackaged or decompiled. Utilising code protection combined with the multi-layered runtime protection features of app shielding will make your app less prone to intrusion, tampering, and malware attacks.

Are you interested in learning more? Book a free demo with one of our security experts, and get advice on how you can meet the BSI compliance requirements.