Secure Hardening for Mobile Banking Apps: Native Code Obfuscation

In the mobile environment, source code is often distributed without enough security. Programs compiled as bytecode, such as the ones developed for Java or .NET, contain almost all the original information from the source code. Programs developed with native code, usually developed in C, Objective-C, or C++, are much more difficult to reverse. In what follows, we will look at the difference between interpreted code and native code in mobile operating systems and why we still need native code obfuscation.

Secure Hardening for Mobile Banking Apps: Data Obfuscation

When developing an application for mobile banking, application hardening using code obfuscation is one possible way of protecting sensitive data. However, this may not be an acceptable solution in many different scenarios: when the data to protect must be (partially) displayed, linked to other accounts or other data, or sent to a remote network, etc. The general solution to this problem is data obfuscation.

Secure Hardening for Mobile Banking and Payment Apps: Anti-Debug

In the mobile environment, while debuggers are legal and legitimate development tools, they can also be used to reverse mobile banking and payment applications. This article describes some of the possible anti-debug techniques.

Secure Connectivity for Mobile Banking and Payment Apps: HTTPS Vulnerabilities

Here we describe some of the HTTPS vulnerabilities in the context of mobile banking and their countermeasures.

Secure Connectivity for Mobile Banking and Payment Apps: HTTPS Tunneling

In this article, we will describe what HTTPS tunneling is and how it has been used in mobile banking and payment applications. We also look at some of its vulnerabilities and remedies to the described attacks.

Secure Connectivity for Mobile Banking and Payment Apps: Access Token Protection

In this article, we introduce the role that access tokens play in mobile banking applications and provide recommendations on how to secure these access tokens. We will also explain why such security measures are important.

Overview of App & Code Hardening for Mobile Banking Apps

Application hardening usually consists of processing an already developed application and transforming it so as to make it difficult or impossible to reverse engineer and tamper with.

Secure Storage and Key Protection for Mobile Banking and Payment Apps

In this article, we focus on the techniques used to protect keys and, more generally, cryptographic secrets in the context of mobile banking and payment applications.

Mobile Banking and Payment App Hardening: Anti-Tamper

The security of mobile banking and payment applications is deeply linked to their ability to prevent attackers from tampering with them.
