Mobile Security Suite hero banner Mobile Security Suite hero banner

Mobile Security Suite Features

Optimize your customers’ mobile experience and reduce fraud with state-of-the-art authentication, application security, and e-signatures


  • Two tone purple kite shield with the left-hand side showing a dark purple while the right shows a light purple; a dark purple circle with a light purple exclamation point in it overlaps the bottom right corner of the shield


    App shielding

    Proactively protect your Android and iOS apps against attacks even in untrusted, potentially hostile environments with mobile app shielding from OneSpan. Detect and mitigate the latest malware attacks, impede reverse-engineering, defend against tampering, and stop app spoofing and cloning with an invisible, always-on layer of state-of-the-art mobile app security.

    Jailbreak & Root Detection

    Rooting or jailbreaking a device deactivates key operating system safeguards and can put a mobile app at increased risk. Detecting the operation of your app on such a device can allow you to monitor this risk factor and use it in making decisions on back-end fraud management and authentication systems.​

    Secure Channel

    Enforce the highest mobile app security for communications between the server and mobile device with end-to-end encryption. Add an additional layer of protection by independently encrypting data on the server side for decryption on the mobile device.​

    Secure Storage

    Strengthen the security of data stored on the device with additional encryption and dynamic masking of the data storage method beyond what is provided by the platform. This additional security also safeguards the stored data should the Trusted Execution Environment, Secure Element, or Secure Enclave be compromised.​

    Whitebox Cryptography

    Counter attacker attempts to dismantle mobile app security by extracting an app’s encryption keys. Whitebox cryptography uses advanced encryption and obfuscation to keep keys hidden in the source code even during runtime so that an attacker cannot recover them.​

    Device Binding

    Enable and maintain a secure bond between a given mobile device and an authorized user to mitigate account takeover, stop the repurposing of cryptographic keys, and prevent app cloning as required by PSD2.​

  • Biometric authentication


    Behavioral Biometrics

    Integrate continuous mobile authentication for account access and transactions. In real time,  monitor and score the way users interact with their mobile devices via keystroke and gesture dynamics. Recorded over time, these actions are mapped to the returning user to generate a risk score to step up authentication when needed.​

    Cronto® Support

    Implement OneSpan’s patented visual transaction signing solution in your mobile app to allow users to verify and sign transactions anywhere at any time without the need for a wireless or physical connection. ​

    Device Identification

    Identify a mobile device via unique attributes to provide persistent identification that’s unaffected by mobile OS updates and defeat malicious attempts to spoof the mobile device.​

    Facial Recognition

    Give users a choice of the biometric authentication that’s right for them at any given time by integrating facial recognition technology into your application security. Use facial data points and advanced liveness detection and spoof detection benchmarked by NIST to accurately authenticate users.​

    FIDO Authentication

    Deliver a passwordless mobile experience by integrating open, scalable, and interoperable PIN, push, and biometric authentication that complies with the FIDO Universal Authentication Framework (UAF) standard. Users authenticate locally to their device, removing the need for a “shared secret” stored on the server and eliminating the server-side attack vector.​

    Fingerprint Authentication

    Use a fingerprint scan to quickly and accurately authenticate users. A recent Javelin survey indicated that fingerprint is consumers’ most preferred authentication method when logging in to their accounts. Easily integrate this popular, simple, and proven biometric authentication option into your mobile app.​


    Pinpoint and timestamp a mobile device’s longitude and latitude within meters to determine the trustworthiness of a mobile device and feed risk analytics and risk management solutions with contextual data.​

    Risk-based Authentication

    Gather numerous data points about a device, its user, and the apps residing on it. Allow artificial intelligence (AI) and machine learning to score the risk of a transaction based on the available data points and dynamically step up authentication as needed.​

    Transaction Signing

    Fully integrate transaction signing to prevent social engineering, banking Trojans, and Man-in-the-Middle attacks, while balancing user convenience and strong security for even the most sensitive mobile transactions.​

    Push Notification

    Enable “push to log-in” use cases for online banking and send cross-platform notifications with a single server-side function to securely alert users, send authentication codes, and more from the server to the mobile device.​

    QR Code Support

    Leverage a flexible image scanning feature that reads standard QR Codes for enrollment and other use cases.​

  • E-signatures


    Native Integration

    Natively build e-signing capabilities into your existing mobile apps to allow users to sign from anywhere, at any time, on any device. Capture tap-to-sign and handwritten signatures, extensive electronic evidence, and more. The optimized SDK allows you to get up and running with your first prototype in as little as 10 minutes.​