MOBILE APPLICATION PROTECTION

THE PRIMARY LINE OF DEFENCE FOR MOBILE APPS

 

If you can afford ZERO app security breaches or backend intrusion, you need bank-grade app protection. Our SDK provides multiple layers of defense that businesses love and hackers hate.

 


 

 

Mobile devices handle huge amounts of increasingly sensitive data, which means apps delivering banking, mobile wallet, healthcare, ID services and more simply cannot afford to be broken.

In over ten years of providing a secure mobile core SDK, we have protected over 100 million apps, with NO recorded incidents. It’s no wonder that frustrated hackers have described our protection as ‘watertight’!

We're cryptographic experts constantly studying attacks of a quantum nature, helping you manage secrets so that not even your developers can access them.

We don’t just provide a wrap-around shield, or an add-on; our mobile protection gives you true in-app security based on multiple interlocking layers that help you comply with regulations and keep data secure.

 

 

It also exposes a larger attack surface, which requires a very particular skillset to better manage increased risk and protect against financial devastation or reputational disaster.

Our unrivalled experts craft mobile protection solutions that deliver the highest levels of security by design. We don’t just provide a shield, or an add-on; our mobile protection gives you true in-app security.


WHY DO LEADING CISOs TRUST CRYPTOMATHIC FOR MOBILE APP PROTECTION?

 

 

We provide the highest levels of security. Our solutions constantly undergo extensive penetration (PEN) testing to achieve certification and ensure we:

  • Remain current with the latest types of attack
  • Understand app vulnerabilities
  • Help mitigate app security risks

This provides you with a fast-track to compliance with regulations including:

  • ENISA Smartphone Guidelines
  • OWASP Mobile Application Security
  • PCI MPoC Standards

Developers can focus on the app’s user experience and business logic while we take care of the security. Exposure areas are consequently limited, making life easier for security architects and compliance officers.


WHY DOES THIS MATTER?

 

 

Native mobile apps provide a superior user experience but escape your control once downloaded, opening possibilities for exploitation.

If you work in highly regulated sectors, your apps will contain financial, health, personal or similarly sensitive data. Off-the-shelf vendor solutions are not enough and breaches don’t just threaten to halt your revenue streams, they can destroy your reputation and lose you customers. 

The result? Multi-layered, trusted security that protects the integrity of apps, constantly watching for any potential threats, enabling proactive action and ensuring advanced security mechanisms cannot be cheated. 


WHY IS IT CRUCIAL TO HAVE THE HIGHEST LEVELS OF MOBILE APP PROTECTION?

Native mobile apps provide a superior user experience but escape your control once downloaded, opening possibilities for exploitation. Unauthorized access to sensitive information on mobile devices can not only make customers and businesses vulnerable; it could also pose national security risks. If a passport stored in a digital wallet is compromised, it affects the ability of border force agents to correctly identify someone crossing the border. Bad actors could cross borders illegitimately or genuine citizens could be denied entry.

Mobile app protection is not just a question of convenience. It is about managing all modern security risks to keep sensitive data safe. If you work in highly regulated sectors, your apps will contain financial, health, personal or similarly sensitive data. Default vendor solutions are not enough and breaches don’t just threaten to halt your revenue streams, they can destroy your reputation and lose you customers. Work with the global specialists to set threat parameters exactly as you wish and provide the highest levels of protection.

Our deep knowledge of the science of cryptography and security simplifies adoption of security best practices for your developers, enabling them to flex their artistic muscles and focus on form and function, creating beautiful digital experiences without being burdened by security compliance requirements.

Cryptomathic provides tools that:

  • Get you to market faster with robust app security that doesn’t sacrifice development speed
  • Minimize threat risks with 360° defense mechanisms integrated straight into your code
  • Work your way, compatible with all common build tools and development environments
  • Adapt to your needs, with customization options depending on your security and performance requirements
  • Always update so your app protections stay ahead of attackers
  • Come with integration support for add-ons that, for example, detect suspicious activity or perform device fingerprinting

    Multi-layered security for bank-grade security
    App protected with MASC

 

Secure Storage

  • Extending OS key stores
  • Independent cryptographic functions
  • Prevent data separation

Configuration Data Protection

  • License keys
  • API keys
  • Backend host names
  • Certificates

App Integrity Protection

  • Anti-debug
  • Anti-tamper
  • Root and jailbreak detection
  • Emulator detection

Secure Connectivity

API and Device Assurance

Device Health Service

  • Separate root certificates
  • HTTPS tunneling (whitelists)
  • Extra encrypted layer
  • Open Authorization 2.0 (OAuth2) token protection
  • Cookie protection
  • Remote update
  • Challenge-response protocol establishes genuine app
  • Device-unique binding
  • Secure communication
  • Sentinel health message
  • Audit logs
  • Monitor device integrity and response

Cryptomathic MASC is a security software development kit (SDK) for mobile apps on Android and iOS.

Five core components make MASC the leading mobile app defense solution available:

Sentinel security technology
  • Technology embedded in the app that’s always watching, triggered by over 120 different types of attack vectors, ranging from attempted screenshots to rooted devices and suspicious activity from possible malware infecting the phone
  • Runtime Application Self-Protection (RASP) – powered by these ‘sentinels’ – monitors app and device activity. Irregular or unwanted activity can be responded to quickly and decisively
  • Our detectors have been fine-tuned over several code generations and you can control how aggressively they search and what they detect
  • The response can be set to soft measures, such as a warning message to the backend system, or extremely aggressive, such as crashing the application to prevent further harm


 

Application hardening 
  • Make apps more difficult to reverse-engineer and guard against tampering, protecting app IP and preventing exploits
  • Application hardening mechanisms include:
    • Code hardening
    • White box encryption
    • Data obfuscation and native code obfuscation
    • Protected configuration
    • Anti-debug and Anti-tampering
    • Emulator, root and jailbreak detection

Device and API assurance
  • Be confident that the backend system is communicating with a genuine app and vice versa.
  • API Protection builds on dynamic cryptographic keys and secrets to protect against reverse engineering and tampering.
  • Protect server APIs from unauthorized access, by preventing non-approved third-party apps or aggregators from accessing the APIs.
  • Device Assurance improves the assurance level to include device-specific secrets, known as device binding, so no-one else can access data not meant for them.

Secure storage
  • Prevent separation of data and application
  • Prevent migration or copying data to other devices
  • Protect and encrypt the cryptographic keys generated and managed 


Secure connectivity

Ensure the app only communicates with the intended system and maintains its own certificate store

Measures for securing connectivity include:

  • Access token and cookie protection
  • Encrypted transport
  • Strong Authentication
  • HTTPS tunnelling
  • Device health and audit logging


 

HOW WILL DIGITAL IDENTITY WALLETS TRANSFORM CUSTOMER EXPERIENCES?

Governments worldwide are exploring and launching digital identity wallets, creating powerful and convenient gateways to services from healthcare, to payments, insurance and more. 

These wallets are typically accessed via mobile devices. They enable quick access to certified ID documents, such as driving licenses, permits, health cards or passports, so consumers can quickly provide instant, irrefutable proof of their identity anytime, anywhere. 

Unauthorized access to such sensitive information on mobile devices can not only make customers and businesses vulnerable; it could also pose national security risks.

If a passport stored in a digital wallet is compromised, it affects the ability of border force agents to correctly identify someone crossing the border. Bad actors could cross borders illegitimately or genuine citizens could be denied entry.




 


As massive volumes of sensitive information flow through our mobile devices, are you prepared and confident to handle the increased risks of a digital-first society?


You must make sure your digital ID and mobile wallet apps can:

  • Safely store and transmit sensitive private data
  • Keep secrets secret – even from the developers working on your apps
  • Meet stringent compliance requirements with eIDAS, PCI and other regulations
  • Protect against threats such as reverse engineering, Man-In-The-Middle, or in-app attacks

Secure banking apps offering full-service facilities with minimum friction

Mobile apps are the most popular way for many consumers to access banking services, overtaking local branches, phone services and bank websites in recent years.

These mobile apps are required to be freely available on public servers. Unfortunately, this provides a playground for attackers to download and exploit weaker applications in their own time.

Cryptomathic’s Mobile App Security Core (MASC) provides comprehensive data protection and self-defending mechanisms with multiple, mutually reinforcing security layers.

 MASC protects and tunnels the communications between the banking app and the server, while providing a library that enables the backend to monitor and respond in real-time to subversive activity occurring on the app and device.




 


Why banks trust the technical capabilities of MASC to protect their apps:

  • Multiple layers of code and data obfuscation to protect secrets
  • Runtime application self-defense, including anti-debug, anti-tamper, application integrity and emulator detection
  • HTTPS handling with host and certificate whitelisting, controlled by the security team
  • Root and jailbreak information relayed to the backend as part of device health reports
  • Secure store with optional PIN and biometric protection
  • Secret protection to keep protocol secrets away from the upper app layers
  • API protection so the backend can quickly discard requests not coming from genuine app instances
  • Languages: Java, Kotlin, Objective-C, React-Native, Swift
  • Operating System: Android, iOS

FEATURED RESOURCES

BLOG
Demystifying Mobile Application Hardening: Techniques and Best Practices

 

This blog runs through Mobile App Hardening and the techniques and best practices for implementing it.


WHITE PAPER
Securing Mobile Banking Apps with MASC
 

Understand the threat landscape and how MASC's evolutionary security strategy can overcome such threats and provide 360º protections against attacks.


 

PRODUCT
MASC Product Sheet

 

Comprehensive and dynamic protection for banking apps


 

Securing EUDI wallets

Watch a recording of our recent webinar to understand the threats, risks and vulnerabilities facing EUDI wallets and learn how to prevent spoofing, tampering, denial of service, information disclosure and more.
