We secure your sensitive app data with Promon Asset Protection™

…so you can put your feet up

Avoid your app being compromised

Hardcoding app secrets directly into the source code is a common strategy for many app developers. This is, however, not enough to properly protect your secrets, and hackers can easily retrieve them by reverse engineering.

Implementing app asset protection early in the design phase is a device-agnostic way of securing your application while saving time and significantly reducing the total cost of ownership.

Protecting dynamic data within the app

Secure local storage (SLS) is a state-of-the-art security module that provides app developers with the ability to store app secrets, such as session tokens, personally identifiable information, API keys, and more, locally on the end-user device in a secure and encrypted manner, even if the device integrity is broken (e.g., rooted or jailbroken).

Created to keep your static app secrets safe

Static app secrets, such as certificates or keys that are needed for the security of your app’s operation, must be protected against extraction. Secure Application ROM (SAROM) is a unique solution that solves challenges such as:

  • Protecting specific assets in a published app
  • SAROM encrypts data in a secure manner to protect secrets such as API keys and certificates from theft
  • Secrets encrypted in SAROM are never accessible statically but dynamically decrypted when the app needs an asset

Why choose Promon to protect your app data

Securing sensitive app data is increasingly important when the app is released in commercial app stores. Storing sensitive app data within the app without proper protection can have huge consequences, and threat actors can reverse engineer the code and steal information.

When your app carries sensitive data, you should go beyond basic security to protect your app.

Proprietary EMVCo certified white-box backed solution
Cross-platform data vault
Developers don't need to be crypto experts
Trusted data storage even when a hardware-based secure enclave cannot be trusted or is not present