Call Us: (301) 968-4290
Mobile App Protection
Secure Mobile Apps from Attack Anytime, Anywhere
As enterprises and consumers are rapidly going mobile via smart phones, net books and tablets, so are their applications. And so are the hackers.
Mobile Apps are Vulnerable
Attacks against all major mobile platforms - including Android, Apple iOS and Blackberry – are growing both in number and in sophistication. Hackers see a growing and relatively easy target in mobile apps to compromise code, data and the device itself. Apps are vulnerable to malware injection, software piracy, and theft of intellectual property. Developers are threatened by loss of revenue from reverse engineering, piracy and malware injection. Carrier and device maker business models are also at risk, for instance from jailbreaking.
Android is Even More Vulnerable
Being a largely an open-source platform, Android is trivial to reverse engineer. And most Android apps often rely on system libraries or managed components that are either open source or easily disassembled. What’s more, there are very few anti-tamper and anti-piracy components available for the Android Market, and none of them offer adequate robustness on their own. This makes exploits relatively easy to craft and disseminate.
Secure Mobile Apps from Attack
Publishers of mobile applications, whether enterprises or small businesses, must guard applications INTERNALLY with layered protections, using a variety of security techniques so they are resistant to attack. Implement protections such that you:
- Ensure proper compensation for access to/usage of your application
- Ensure that sensitive data (perhaps under legislative protection) is not inadvertently compromised, and all appropriate hardening standards are met.
- Ensure your application isn’t hacked with malware and re-published under your brand
Arxan Protects Android & Mobile Apps
We offer multi-layered protection which includes a variety of protection technologies including anti-debug, self-healing and anti-tamper to ensure durability in the field. Learn more about EnsureIT for Android, and see how it can address your Android application security needs such as those outlined below.
Security Threats to Android Applications
| Recommendation/Feature | Functionality | Threat |
| Application must be signed by developer | Signature is verified at run-time to check app integrity | Signatures can be forged by replacing both public key and hash |
| License Verification Library | Ensures an application is properly purchased before it will run | Simple hack to disable the verification, thus allowing application piracy |
| AT&T’s Android limits downloads to Android market applications, and disallows deletion of pre-loaded applications | Aims to ensure that only legitimate applications are acquired, and watchdog applications remain functional | Jailbroken phones will bypass these measures. Also, walled gardens may be broken through application development errors. |
| Kill and push | Disable malware, and push desirable updates | Kill message can be blocked, and push feature may be misused. |
| Applications request functional capabilities upon installation | User has visibility into the extent of resources and privilege the application will have | No active policing to ensure application is behaving only with the resources it has access to. Applications (including compromised applications) can even request to “brick” the phone! |
