A guide to mobile application protection (Guest blog by Licel)
Are we right to trust the apps we rely on?
Most of us rely on mobile applications every day. Whether we’re making a quick bank transfer to a friend, speaking with our doctor virtually, or booking concert tickets.
It’s now perfectly normal for us to manage our lives with a few simple swipes of a smartphone screen. But we’ve only adopted these behaviours so rapidly because we assume the apps we use every day are safe from outside threats.
In our State of Mobile App Security report we made it clear that sadly that isn’t always the case. There are several reasons for this. One is that mobile app developers are often under immense pressure to meet deadlines - speed can sometimes trump security. And another reason is that there’s quite a lot of misinformation out there about what mobile application protection actually means.
At a time when bad actors have mobile apps in their sightlines and are carrying out ever more cunning attacks, this is a dangerous and urgent problem. One that we need to solve collectively.
What kind of protection is required?
This current reality is what convinced us to create a guide to mobile application protection. We wanted to share a resource that would help app developers not only to understand the kind of attacks their app is up against, but also how they can combat these threats.
We also wanted to make it clear the level of protection required to stop modern, sophisticated attacks. That’s why we introduce our four layers of mobile application protection early on in the guide. They are:
- Code and resource hardening
- Secure runtime environment
- Secure network communications
- Application integrity
These layers pop up again and again throughout the guide because they apply to almost every threat that apps face. They’re also interlinked, so it isn’t possible to skip one of them if an application is to be able to defend itself against attacks.
Sometimes it’s thought that app protection is largely about obfuscation and encryption, but this isn’t the case. Unless security is comprehensive and covers all four layers, an app will remain vulnerable.
Why does app protection matter so much?
At the start of this article I explained that most of us are reliant upon mobile apps to help manage our day-to-day lives. Think for a moment about the kind of information that you share with these apps. Be it bank account credentials or healthcare data. This helps to explain why apps are such an attractive target for bad actors. It’s also why a successful attack can cause such distress and harm to individuals.
But businesses can suffer from attacks, too. When you think about it, in our modern, more remote world, applications are often the only way a business interacts with its customers. They’re increasingly the bank, doctor’s surgery, or shop of the 2020s. For some companies their app is their most valuable asset. And so their reputation would be ruined if attackers were able to exploit it.
The stakes have simply never been higher for both businesses and ordinary users of mobile apps like you and I.
Our hope is that by reading the guide people will realise how important app protection is. But our intention isn’t to scare people. Rather we want them to understand that there are ways that we can collectively redress the balance and make life harder for attackers.
If you’re in the process of developing an app and the guide sparks a few questions in your mind, I’d be delighted to hear from you.
Ivan Kinash
CEO of Licel
Read Licel’s Guide to Mobile Application Protection
Authors
