Cryptomathic Mobile App Security Core (MASC) is a comprehensive security software solution for the European Digital Identity (EUDI) wallet, eID apps, mobile banking apps, etc., comprised of multiple layers of mutually reinforcing mobile app security components that are provided with a simple, easy-to-use API. It enables app developers to focus on developing excellent business applications while leaving the specialist security-critical parts to MASC.
Organizations responsible for the development of an EUDI wallet (or other apps with highly sensitive data), will be acutely aware of the importance of security throughout the entire digital wallet ecosystem. In addition, they will likely already have a skilled security function and have implemented industry-standard security policies and procedures.
However, implementing adequate proactive and reactive security measures to counter the threats to large-scale deployments of such sensitive mobile apps is a highly specialized field, especially when the mobile app is being executed on devices that cannot be managed. For this reason, organizations should strongly consider contracting with a mobile app security vendor.
Following its introduction in January 2018, the Open Banking regulation mandates UK banks to provide their data in a standardized format, facilitating third-party developers to create financial service applications and allowing for fast bank payments and settlements without intermediaries. The number of Open Banking users reached 1 million by November 2019, but despite the slower-than-anticipated growth of this new technology, recent usage figures and government commitment indicate that Open Banking may soon become more widely adopted.
Itemizing the potential risks of the European Digital Identity (EUDl) Wallet scheme is a complex task that involves assessing the attack surface of the digital wallet app across various platforms, as well as the backend infrastructure, processes, and organizations involved. To provide support, the ENISA and OWASP mobile app guidelines offer useful resources for a secure development lifecycle of digital wallets, as outlined in this article.
We also introduce how Cryptomathic's Mobile App Security Core helps address the majority of the ENISA and OWASP security recommendations.
The European Digital Identity wallet (EUDI wallet) is proposed by the European Commission to provide a secure, safe and standardized digital identity for all EU citizens. It is based on the European Standard for Electronic Identification and Trust Services (eIDAS) and part of the proposed eIDAS 2.0 regulation. The EUDI wallet will be made available to its users as a mobile app that allows them to securely store and selectively share, locally or remotely, on request and under their sole control, identification data based on their national electronic IDs (eIDs), as well as other attestations of attributes such as digital travel credentials (ePassports), driver’s licenses, university diplomas, and also personal information including medical records or bank account details. The wallet should also allow them to access a variety of online services and sign documents with qualified electronic signatures and seals (QES).
With such valuable data stored on an app, the threats to the EUDI wallet will come from multiple diverse sources, all with varying motives. This article explores the threat landscape and considerations for protecting the digital wallet's sensitive data against threats.
Mobile apps and mobile software components are rarely stand-alone as they frequently perform their most important operations on various backend systems. Both parties in this communication need assurance that they are talking to an authentic partner at the other end. The server needs assurance that the software it talks to on the mobile device is authentic and not tampered with. The software on the mobile device needs assurance that it talks to the authentic server (not a man-in-the-middle) and that data can reliably be sent to the server.
Each year, various events within the cybersecurity industry have a significant impact on the industry, leading experts to predict an increase in the frequency and severity of such occurrences in the years ahead. As preparation is preferred over mitigation, awareness of what to anticipate this year and beyond is essential.
The European Commission promotes the European Digital Identity wallet (EUDI wallet) as part of its effort to digitize the economy and help foster trust services. In practice, this means that from the end of 2023 each EU Member State will gradually offer a mobile-based wallet to their citizens, residents and businesses to identify and authenticate online. Here we look at the scope of the EUDI and some of the security challenges for the app.
Here we explain why additional security mechanisms, beyond the mobile OS security features, are needed to protect mobile banking applications from malware and related threats.
