Fonctionnalités de Mobile Application Shielding

Binary code protection performed post-compile, making it extremely difficult for attackers to exploit application code via reverse-engineering.

Detecting whether an attacker or hacker has duplicated the app source code and injected malicious functionality into it. If repackaging is detected, application shielding will render the corrupted app inoperable.

Encrypt and obfuscate encryption keys and secrets such as dynamic API keys within the app. The fully self-contained, independent of platform protections and whitebox-backed secure local storage  adds an extra layer of security and protect PII, session tokens and keys even on jailbroken or rooted devices.

Mobile banking Trojans will overlay apps with a malicious window, mimicking a legitimate log-in screen to steal banking credentials. By detecting that the shielded app has been pushed to the background, app shielding can terminate the app before theft can occur.

Jailbreaking or rooting a device disables default security controls within iOS and Android. Advanced jailbreak/root detection offers visibility that can help in risk decisions rather than denying service outright.

Detecting and blocking debuggers, emulators, and other tools leveraged by malicious actors in their attempts to exploit a mobile app further mitigates the risks of reverse-engineering or interference with a mobile app as it executes.

By detecting and countering malware with hooking capabilities or hooking frameworks, such as Frida, app shielding maintains a tamper-resistant runtime and terminates the app before hooking can occur.

Mobile banking Trojans and other malware will attempt to log a user’s keystrokes or steal information displayed on app screens. If application shielding detects such activity, it can react in real time to interrupt it.

App shielding reactions are configurable and can include blocking the execution of injected code, alerting administrators, feeding fraud prevention tools, or terminating the app.

Application shielding provides contextual data about the security status of the client side that fraud prevention tools can ingest and combine with other inputs to make better risk decisions about a transaction, login or other user action. This results in an optimal user experience without compromising the security.