CCPA and mobile app security
The California Consumer Privacy Act (CCPA) is a comprehensive consumer protection law which has been in effect since the beginning of 2020. The CCPA applies to for-profit entities doing business in the state of California. But even if your business does not do business in California, now is the time to act – since the CCPA went into effect, 15 other states have introduced privacy legislation. There have also been proposals at the federal level. This means that businesses need to consider how they store user data to ensure compliance.
The CCPA offers a broad definition of Personally Identifiable Information (PII). Applications that handle any sort of PII should investigate ways to secure that data to avoid data breaches. PII is information that, when used alone or with other relevant data, can identify an individual.
What happens if you are not compliant?
If you are in violation of the CCPA, you risk fines of $2,500-$7,500 for each record
from regulators. Additionally, the bill allows consumers to sue a company if they have had their privacy rights violated.
Even more costly than the fines is the potential loss of brand reputation, which can have lasting long-term consequences.
Make your mobile app CCPA compliant
When it comes to app security, the CCPA requires businesses to follow “reasonable practices and procedures” to avoid a data breach. Data breaches often happen because malicious actors find ways into a company’s server and uncover PII from the database. Mobile apps can be an entry point into your database. To deter malicious actors, it’s important to make it difficult to scrape data from your app
Root and jailbreak detection
Rooting or jailbreaking a device opens the door for malicious actors to access the application code, modify it, inject malware, or repackage the app. To protect your app from this, you should have robust root/jailbreak detection.
Strandhogg is an example of a serious Android vulnerability which can exploit both rooted and unrooted devices. Read more here.
Prevent application repackaging and reverse engineering
If an attacker gains access to your app code, they can modify it (for example by adding malware), repackage the app and spread it to trick users into downloading the illegitimate app in place of your original app. You should therefore take steps to protect your app code so that it cannot be repackaged. Another reason why you should protect your app code is to prevent reverse engineering to lift existing security controls.
Once Promon SHIELD™ security controls are implemented, hackers cannot remove them, even if the app is repackaged.
Detection for keylogging and screen reading
Keyloggers and screen readers are types of spyware that can be injected into an app. They are used to capture input from the user, typically PII such as banking details and passwords.
Prevent scraping of data on the client device by hardening your app code – this protects your users’ credentials and blocks malware techniques designed to spy on user input.
Strong code obfuscation
Code obfuscation is a way of modifying an app’s code to make it difficult for attackers to read and understand, should they gain access to it. The method conceals the logic and purpose of your app’s code, while keeping its functionality.
This makes it harder for attackers to perform reverse engineering, analyze the code, and retrieve sensitive information.
Certificate pinning
When using SSL technology, data is encrypted through the operating systems. Relying on this leaves the door open for attackers to hook these functions in the operating system and get access to user data.
Employ certificate pinning to ensure that your deployed app instances are talking to a valid server at all times.
Secure sensitive app data
Securing sensitive app data is increasingly important when the app is released in commercial app stores. Storing sensitive app data within the app without proper protection can have huge consequences, and threat actors can reverse engineer the code and steal information.
When your app carries PII, you should go beyond basic security and add a white-box-backed software safe to protect sensitive information within the app.
Application shielding supports CCPA compliance
App shielding is a comprehensive solution, giving your app layers of security to avoid tampering, malware, reverse engineering, and more.
Our multi-layered approach adds complexity to how we protect your app. Through employing heuristic algorithms, Promon SHIELD™ is able to defend against both known attacks and future attacks. This will prevent threats such as zero-day attacks, which exploit unknown flaws in your application code.
Promon SHIELD™ is a best in class app shielding software which provides your app with the security you need to avoid data breaches – defending your app against both known and future attacks. The solution is easy to integrate with your programming language of choice, and only takes minutes to deploy.