SOLUTIONS
Application Protection
solutionsectionheaderimage

Mobile Application Integrity Protection

Enterprise-Grade Mobile App Shielding Technology

The Threatscape
Mass adoption of mobile devices has given birth to “App Economy” which drives new business models and revenue streams across many industries. Enterprises seek to differentiate themselves with mobile offerings to provide easy access to products or services. But the same ease and convenience mobility brings now provides a fresh vector for attackers.

Protecting mobile apps poses a major challenge.  Unlike “traditional” application deployments, mobile applications reside outside the network firewall, with a spectrum of devices supporting an array of platforms.  Jail breaking, the growing norm, yields unauthorized users having root access to the device software.  Even a flawlessly coded application will be a target tampering and reverse-engineering attacks which include:

  • Bypassing Security Controls such as authentication, encryption, license management or digital rights controls.
  • Conducting fraud.
  • Disseminating malware.
    • Unlocking or modifying application functionality.
    • Stealing source code or intellectual property.
    • Software Piracy.

The result: mobile app developers and stakeholders in digital media, financial services, healthcare, gaming, automotive, government, etc. are subject to loss of revenue, brand damage, fraud, liability exposure and compromised user experience without implementing strong mobile application protection measures against hackers.

Sample Attacks and Arxan Defenses

ATTACKS DEFENSES
Jailbreaking/Rooting Jailbreak/Root Detectionarxan_Xthumbnail_for_pr
Mobile Substrate Swizzling Detectionarxan_Xthumbnail_for_pr
Static and Dynamic analysis with IDA Obfuscation Capabilityarxan_Xthumbnail_for_pr
IPA/APK Modification/redeployment Resource Verification arxan_Xthumbnail_for_pr

 

Deploying Application Integrity Protection (AIP)
Arxan Secures Mobile Apps from Attack: Mobile Application Protection Suite

In mobility, AIP strives to secure enterprises in the application economy against next generation application threats where competitors, counterfeiters, or private hackers compromise an application's business purpose by tampering with deployed software to conduct mobile fraud, distribute malware, steal IP, corrupt devices or violate software licenses.  With AIP, mobile application developers can innovate with confidence without compromising security or revenue model with the freedom to deploy high-value applications in untrusted and unknown environments.  In addition, since hackers are by definition innovators and early adopters, attackers constantly develop new methods of software abuse.   With an effective AIP platform, mobile application developers ascertain attack intelligence, instantly anticipating and reacting to advancing attack methods to future-proof software assets.  Finally, with security teams expected to do more with no incremental resources, an effective AIP program deploys quickly and does not incur development and runtime overhead.

Defending Mobile Apps with Arxan

Arxan’s mobile app security gives Android app protection (Java and native) as well as all major platforms such as iOS, Microsoft and BlackBerry, Windows Phone Series, Tizen, etc.  Arxan’s technology doesn’t impact device performance, providing a tunable level of robustness for optimal battery usage.

Arxan gives mobile applications "guards", making it tamper resistance and self-defending when they are in the wild that prevents reverse engineering and decompilation as well as secures keys against discovery.

Arxan shields applications with the widest variety of protection techniques for passive and active attacks, preventing:

  • Spoofing of apps to access sensitive data.
  • Malware insertion.
  • Trojanizing of apps
  • In-memory tampering or dynamic in-memory decryption and repair.
  • Vulnerability discoveries that lead to data breaches via application logic manipulation.
  • Inappropriate for access usage of an application.
  • Republished applications under your brand.

Finally, Arxan gathers and reacts to intelligence on how attackers try to crack licenses, disable authentication, steal content, inject code or take IP. As mobile apps are attacked in the wild, Arxan gathers hacking anatomies and innovations to future-proof against further attack.

 

Terms of Use|Site Map

© 2014 Arxan Technologies, Inc. All Rights Reserved.