Get a demo

Security News

Introducing Promon SDK Protection™: Robust obfuscation and runtime controls for SDKs

By Nico Fort April 03, 2024 03:30 pm

SDK Protection is a post-compile solution that secures software development kits (SDKs) without impacting development cycles. It shields your SDKs — and the apps that rely on them — from reverse engineering, tampering, and unauthorized access.

SDKs are essential for rapid application development. However, as dependence on SDKs grows, so do the associated security risks. Malicious actors are constantly looking for vulnerabilities to exploit. And just one compromised SDK can lead to widespread security breaches — disrupting operations, violating compliance mandates, and potentially causing irreparable harm to your brand’s reputation.

To put things a little more in perspective; if a single exploit affects, say, 10 SDKs, it can impact the 100 apps built on those SDKs, and have implications for countless end-users too. So while SDKs are essential for rapid application development, as dependence on them grows, so do the associated security risks.

That’s where Promon comes in. We’ve been on a mission to make mobile apps safer since 2006. And now we’ve leveraged our expertise in runtime application self-protection (RASP), code obfuscation, and mobile app security to develop Promon SDK Protection™ specifically for SDK producers.

Want to learn more about SDK Protection? Download the product brochure.

The evolving threat landscape

The average mobile app today incorporates about 30 SDKs, with a whopping 90% of code sourced from third parties. While this boosts productivity and time-to-market, it also raises critical security concerns that can’t be overlooked.

The apps that rely on SDKs are constantly facing security risks that can open up SDKs to threats. But the risks don’t stop there. SDK producers must comply with an ever-growing list of regulations like eIDAS 2.0, DORA, and PSD2 — and compliance isn’t exactly optional.

SDK Protection addresses the security gap between mobile apps and SDKs and helps you stay compliant.

Unparalleled obfuscation and runtime protection

How does it work? SDK Protection delivers a combination of code obfuscation and runtime security protections, ensuring comprehensive protection. At the heart of SDK Protection lies our cutting-edge obfuscation engine, Promon Jigsaw, which seamlessly integrates with your SDKs’ compiled code.

This powerful obfuscation component effectively obscures the code, frustrating attempts to reverse engineer or modify your SDKs without authorization. We use a number of code obfuscation techniques to make your SDKs’ logic and data virtually impossible to tamper with or decipher, including:

  • Section encryption (native and Java code)
  • Control flow abstraction
  • Integrity checking
  • Debug stripping
  • Block splitting
  • Renaming (Java and Kotlin code)

SDK Protection also layers on a suite of RASP controls that actively monitors for active threats on customer devices when the host application is running. Jailbroken/rooted devices get detected and defused. Any hooking frameworks or code injection attempts get safely neutralized in memory before they can cause damage. Untrustworthy debuggers are promptly dismissed. And when a threat is spotted, the RASP engine can be configured to automatically crash the host app, execute custom incident response routines, and log details for your team to analyze — all while keeping end-users safe. This multi-layered approach helps your intellectual property remain secure, both at rest and at runtime.

Easy deployment, seamless integration

It goes without saying that time-to-market can make or break the success of your SDK offerings and impact your customers’ success. However, speed often comes at the cost of compromised security, leaving your intellectual property and the applications integrating your SDKs vulnerable to threats.

Our post-compile approach is designed for hassle-free deployment and seamless integration. Using a simple and intuitive command-line tool, you can effortlessly leverage SDK Protection without the need for extensive training sessions or costly retooling efforts. Your team can focus on core development activities while we focus on security, saving you time and resources.

Tailored solutions for your industry

Promon SDK Protection™ is designed to cater to the unique security requirements of various industries, each with its own set of challenges and regulatory landscapes. While the solution isn’t limited to a specific industry, some applications include:

  • Public sector: SDK Protection ensures data security in government solutions, regulatory compliance, and secure communication tools. It protects sensitive information like biometric data and enables secure user identification for accessing confidential government services.
  • Gaming industry: For most players, a fair game is key. That’s why SDK Protection prevents the creation of cheats or mods in games built on gaming SDKs. Of course, that’s not it’s only application. SDK Protection makes reverse engineering a lot more challenging, ensures game integrity, and enforces license compliance. It also secures proprietary game mechanics and intellectual property.
  • Streaming industry: Content broadcasters are bound by regional constraints, broadcasting schedules, and a number of other obligations to the content providers. And where there are obligations, there are consequences. SDK Protection secures user data, content, application logic, and more to help keep hefty penalties at bay.
  • Finance and banking: Regulations like PSD2 and the upcoming PSD3 place increased pressure on the industry to provide a high-quality supply chain for critical apps. We’ve already seen the Strong Customer Authentication and e-IDAS requirements, with the latter followed up by ARF specifications demanding a high level of protection for applications and SDKs. SDK Protection can help secure the software supply chain in line with compliance standards.

Future-proof your security posture

With cybercrime on the rise and tighter regulatory controls, SDK security is no longer optional. Whether your SDKs power banking apps, mobile games, or critical enterprise workflows, you’re sitting on too much sensitive data and intellectual property to leave things to chance.

Promon SDK Protection™ provides the comprehensive shielding your software demands. Our agile roadmap is committed to rapidly releasing support for new platforms and architectures, so you can secure your SDKs, your brand, and your business.

Looking for a little more detail? Download a copy of our product brochure!