App security
About app security
App security enables you to protect your app from various threats and attacks with mechanisms such as app hardening and runtime application self-protection (RASP). App security provides proactive security against a wide range of attacks, such as tampering, debugging, code injection, code modification and stealing of data from your app.
Mobile app hardening
Mobile app hardening describes the process of improving the security measures of an app, to protect it from fraud techniques. This makes it harder for potential hackers to reverse engineer and tamper with your app.
Runtime application self-protection (RASP)
RASP (runtime application self-protection) protects your apps from malicious behaviour. It uses runtime instrumentation to monitor behaviour and stop threats in real time.
How does app security work?
App security is delivered in packages for iOS and Android, and shields your app in an automated and seamless process. It contains both prevention and detection features to counter threats found.
- It secures your app at both runtime and at rest, through various security features.
- It can detect whether its surrounding environment can be trusted during runtime.
Features
Threats and attacks can originate from sources such as hackers, users and malware. App security protects your mobile app against:
- Malware
- Debugging, such as Java or native debuggers
- Emulator/fake execution environment
- Cloning of the device
- Rooting and jailbreaking
- Code injection (runtime library injection)
- Hooking frameworks
- Repackaging, such as fake or manipulated apps
- System and end-user screenshots
- Keylogging from untrusted keyboards
- Keylogging and screen-scraping from untrusted screen-readers
- Native code-hooks
- External screen sharing
- Overlay attacks, by overlay detection mechanisms
- Tampering, by performing in-depth integrity checks of files and assets
Anti-tampering
RASP is a crucial part of app security on mobile devices. It is achieved using the product's capabilities to detect whether the app's surrounding environment can be trusted. RASP secures the app from the inside and uses runtime information to detect, protect, report and block attacks.
App security includes the following anti-tampering capabilities:
- Debugger and emulation detection.
- Privilege escalation detection; it detects if the device is jailbroken or rooted.
- Integrity checks; it detects whether the app or device configuration has been altered.
Repackaging protection
Repackaging protection is obtained through application binding. This ensures that app security cannot be removed from a protected app and the app then repackaged. Various forms of integrity checks are performed when a shielded app is launched, to verify that the app has not been repackaged.
Code obfuscation
Code obfuscation scrambles the source code to make it harder for an attacker to reverse engineer how an app works. An app which is harder to read is harder to attack, making it more difficult to steal its intellectual property or to repackage it. App security is fully obfuscated by default.
Handling
When app security performs security checks, it can be configured to either:
- Exit directly when it detects a security problem.
- Notify the app about the security event using a callback interface.
By using the callback interface, you can raise a notification about possible security problems before the app is terminated, or notify a backend system for usage analytics. For example, you can notify the backend about the number of rooted or jailbroken devices that are using your app.
App security partnership
We currently deliver app security through our partnership with Promon and their product Promon SHIELD® for Mobile.
We strongly recommend that you implement tools for app security, whether by using Promon SHIELD® through Signicat or by sourcing a provider of your own.