In a changing digital landscape, app security isn’t a luxury
It’s a necessity. According to The App Association, mobile apps are the most rapidly adopted technology in human history. Almost overnight, they have become one of the primary ways we engage with the world, but as devices become connected and then interconnected, vulnerabilities creep in.
The Kaspersky Lab reports that in the first quarter of 2017, the volume of ransomware targeting mobile devices increased by a staggering 300%. With apps now storing increasingly valuable data, hackers have begun to aggressively attack mobile devices and the applications residing on those devices.
At G+D, we have decades of experience in fighting such attacks. Our cutting-edge mobile security solutions cover the whole spectrum of identity management, not only offering seamless connectivity and innovative services, but also providing robust protection for personal identities and data.
Statistics at a glance
Across all industries, data breaches on average cost $2 million
Time is of the essence – breaches found in less than 100 days cost on average $3.2 million. In contrast, breaches found after 100 days cost on average $4.4 million.
Healthcare PHI (Personal Health Information) data breaches can reach $12 million
Financial institutions are increasing annual cybersecurity budgets, with some allocating unlimited budgets when it comes to combating cybercrime
Helping developers to build robust security
Our goal is to make the attackers’ efforts more difficult, forcing them to spend weeks, not days attacking your app. Hackers thus have to invest more time, money, and resources, ultimately stretching them to the point that it just isn’t worth carrying on with the attack.
This is why we offer the “Trusted Application Kit” or TAK.
With all the security taken care of by TAK, you are free to focus on providing your customers with added value, differentiation, and faster time-to-market. TAK allows developers to build in robust security that is specific to the application during the design phase, ensuring application security is not overlooked or reliant on unproven sources. In short, TAK offers peace of mind to the developer community.
Outsource your mobile application security to G+D, and you can rest easy. Security integration in hours, not days.«
Trusted Application Kit
Protecting applications like critical infrastructures
TAK is a mobile application security framework that enables the developer to take a proactive approach to app security, not only during runtime, but also afterward, complete with detailed feedback.
An SDK for app developers and an application security framework
TAK is essentially two things: an SDK for app developers and an application security framework for mobile operating systems like Android™ or iOS. TAK resolves all sorts of issues, from those posed by the growing number of end-user devices to the problems inherent in different OS versions and country-specific devices. TAK does this through a layered security approach – protecting your apps from a range of threat types. TAK is perfectly suited for a broad range of apps that require enhanced security, for example mobile banking apps or transit and ticketing apps.
How does the Trusted Application Kit work?
TAK protects against a number of attack scenarios, including:
• Code manipulation
• Rooting, jailbreaking or debugging
• Differential comparative analysis
• Network sniffing
• Reverse engineering
• Mobile application cloning
• Key extraction
• Environment checks
The benefits of TAK
Using TAK to secure your mobile application is transparent to the end user of the mobile device. Our additional layer of security does not impact the user experience, and there’s no need for additional actions like passwords. The user is protected without even knowing TAK is there.
Risk and governance
For organizations that handle sensitive data and are under strict regulations, security becomes a critical concern due to compliance or service-level commitments they must provide. TAK provides the developer with a tool to better protect customer information and assets while limiting exposure to risks.
Security for all
TAK separates security from business logic, enabling use in all verticals and independent of device/OS platforms, so there's no need for adaptation.
TAK prevents the unauthorized analysis, modification, copying, and usage of the security-relevant parts of the application. It protects what really counts: critical user information.
Increased security with easy integration
According to a Veracode survey, over half of app developers report that security causes delays in development. TAK is widely scalable and can be easily integrated by service providers, application providers, and OEMs. It allows you to launch a secured mobile application faster. Once users are on boarded and provisioned, they can start using their devices to the fullest.
Features: safe, straightforward, and secure
SECURE END USER: TAK offers a multitude of security mechanisms that help to protect what counts: users’ most confidential data.
SECURE PLATFORM: TAK provides mechanisms, like device binding and jailbreaking or rooting detection, to make the app more secure.
SECURE EXCHANGE: TAK securely protects the exchange of confidential information between the app and the service provider server, which prevents network sniffing.
PRIVACY & DATA PROTECTION: TAK is compliant with all applicable requirements, such as the German Federal Data Protection Act (BDSG).
SECURE LIFECYCLE: TAK supports secure provisioning, where each app is personalized with the user device. In addition, it provides out-of-band security information on the status of the mobile application.
SECURE STORAGE: TAK allows sensitive and confidential data to be stored securely on the device for greater peace of mind among users.
SECURE INSIGHTS: Enables bidirectional feedback on how rolled-out applications are behaving in the field, e.g. statistical data on the number of rooted devices.
White paper: White-Box Cryptography -New Attacks and Countermeasures
White-box cryptography deals with the secure implementation of cryptographic algorithms in an environment that allows an attacker to have complete access to the implementation. Lately, new applications for white-box cryptography have emerged. A prominent example is mobile payment. At the same time, new attack techniques have been developed. This Whitepaper contains an introduction into white-box cryptography. It describes this new type of attack and discusses possible countermeasures.
Convego® AppWorld is a customizable smart-wallet solution that allows you to dynamically create and manage services and push them to users, thanks to its dynamic platform capabilities and an SDK.
Managing cyber risks is a key challenge of digitization. This article looks at threats, countermeasures and options for safeguarding assets and critical infrastructures in a connected world.