Mobile Security Suite Features

Optimize your customers’ mobile experience and reduce fraud with state-of-the-art authentication, application security, and e-signatures

Mobile Security Suite Features

Mobile app security gray


App Shielding

Proactively protect your Android and iOS apps against attacks even in untrusted, potentially hostile environments with mobile app shielding from OneSpan. Detect and mitigate the latest malware attacks, impede reverse-engineering, defend against tampering, and stop app spoofing and cloning with an invisible, always-on layer of state-of-the-art mobile app security.


Rooting or jailbreaking a device deactivates key operating system safeguards and can put a mobile app at increased risk. Detecting the operation of your app on such a device can allow you to monitor this risk factor and use it in making decisions on back-end fraud management and authentication systems.​

Secure Channel

Enforce the highest mobile app security for communications between the server and mobile device with end-to-end encryption. Add an additional layer of protection by independently encrypting data on the server side for decryption on the mobile device.​

Secure Storage

Strengthen the security of data stored on the device with additional encryption and dynamic masking of the data storage method beyond what is provided by the platform. This additional security also safeguards the stored data should the Trusted Execution Environment, Secure Element, or Secure Enclave be compromised.​

Whitebox Cryptography

Counter attacker attempts to dismantle mobile app security by extracting an app’s encryption keys. Whitebox cryptography uses advanced encryption and obfuscation to keep keys hidden in the source code even during runtime so that an attacker cannot recover them.​

Device Binding

Enable and maintain a secure bond between a given mobile device and an authorized user to mitigate account takeover, stop the repurposing of cryptographic keys, and prevent app cloning as required by PSD2.​

mobile authentication gray


Behavioral Biometrics

Integrate continuous mobile authentication for account access and transactions. In real time, monitor and score the way users interact with their mobile devices via keystroke and gesture dynamics. Recorded over time, these actions are mapped to the returning user to generate a risk score to step up authentication when needed.​

Cronto® Support

Implement OneSpan’s patented visual transaction signing solution in your mobile app to allow users to verify and sign transactions anywhere at any time without the need for a wireless or physical connection. ​

Device Identification

Identify a mobile device via unique attributes to provide persistent identification that’s unaffected by mobile OS updates and defeat malicious attempts to spoof the mobile device.​

Facial Recognition

Give users a choice of the biometric authentication that’s right for them at any given time by integrating facial recognition technology into your application security. Use facial data points and advanced liveness detection and spoof detection benchmarked by NIST to accurately authenticate users.​

FIDO Authentication

Deliver a passwordless mobile experience by integrating open, scalable, and interoperable PIN, push, and biometric authentication that complies with the FIDO Universal Authentication Framework (UAF) standard. Users authenticate locally to their device, removing the need for a “shared secret” stored on the server and eliminating the server-side attack vector.

Fingerprint Authentication

Use a fingerprint scan to quickly and accurately authenticate users. A recent Javelin survey indicated that fingerprint is consumers’ most preferred authentication method when logging in to their accounts. Easily integrate this popular, simple, and proven biometric authentication option into your mobile app.​


Pinpoint and timestamp a mobile device’s longitude and latitude within meters to determine the trustworthiness of a mobile device and feed risk analytics and risk management solutions with contextual data

Risk-based Authentication

Gather numerous data points about a device, its user, and the apps residing on it. Allow artificial intelligence (AI) and machine learning to score the risk of a transaction based on the available data points and dynamically step up authentication as needed.​

Transaction Signing

Fully integrate transaction signing to prevent social engineering, banking Trojans, and Man-in-the-Middle attacks, while balancing user convenience and strong security for even the most sensitive mobile transactions.​

Push Notification

Enable “push to log-in” use cases for online banking and send cross-platform notifications with a single server-side function to securely alert users, send authentication codes, and more from the server to the mobile device.​

QR Code Support

Leverage a flexible image scanning feature that reads standard QR Codes for enrollment and other use cases.​

E-signatures gray


Native Integration

Natively build e-signing capabilities into your existing mobile apps to allow users to sign from anywhere, at any time, on any device. Capture tap-to-sign and handwritten signatures, extensive electronic evidence, and more. The optimized SDK allows you to get up and running with your first prototype in as little as 10 minutes.​