Appdome offers the industry’s most extensive and easiest to deploy Mobile Runtime Application Security Protection (Mobile RASP) on the market today. Appdome is a self-service, choice-driven mobile integration platform which enables our customers to select specific features or groups of features across different mobile security categories, and deliver those capabilities inside any iOS or Android app in seconds, with no code or coding.
Our customers create best-of-breed Mobile RASP solutions by selecting their required features and security solutions from the Appdome Mobile Security Suite and clicking a button to add those features to any iOS or Android app. This lets enterprises build and deliver their own customized mobile security solutions into any mobile app, including apps they build internally as well as apps they license from 3rd party app makers. Appdome delivers a ‘defense in depth’ approach enabling customers to create a layered security solution that spans every major mobile security category. Appdome empowers enterprise developers and non-developers to embed capabilities inside their mobile apps to protect against every possible threat vector targeted at their mobile apps, mobile channels, users and data.
Creating Self-Defending Mobile Apps with Appdome RASP
Appdome’s Mobile RASP solution is comprised of security technology that contains runtime instrumentation inside the app itself, which enables the app to be self-defending against threats. Since most mobile apps do not come with RASP security out-of-the-box, customers use Appdome to deliver RASP capabilities inside their own apps or apps they license from 3rd parties.
Appdome’s Mobile RASP solution includes:
- ONEShield by Appdome –app-hardening and app-shielding technology which protects the entire mobile app itself and all components of the app bundle from attempts to reverse engineer, tamer or debug for malicious purposes. ONEShield includes the following RASP features: anti-tampering, anti-reversing, anti-debugging, obfuscate built services, app integrity/structure scan, and checksum validation.
- Appdome TOTALCode Obfuscation – binary based obfuscation which transforms binary code in such a way that makes it extremely difficult to impossible for hackers to understand how it works, making any attempt to reverse-engineer the app infeasible. TOTALCode Obfuscation includes the following RASP features: binary code obfuscation, Flow relocation, Non-native code obfuscation, strip debug information.
- Appdome TOTALData Encryption – This includes RASP capabilities that enable customers to encrypt and protect all mobile app data in all 3 states in which it exists: data at rest encryption, data-in-transit encryption, and data in-use (aka in-memory encryption). Appdome TOTALData encryption also provides customers immense flexibility in how they deploy and manage their encryption capabilities including the ability to: encrypt in-app preferences, encrypt strings and resources, generating an external data seed, secure download, restore from backup, selective encryption, Smart Media sharing, and more.
- OS Integrity – ensures that apps can only run in trusted, secure environments. This includes the following RASP functionality: Root/Jailbreak prevention, detect unknown sources, detect developer options,
- Appdome’s Secure Communication category contains features that protect data generated by apps while that data travels across a network (aka data-in-transit protection). Key features include URL Whitelisting, MiTM attack prevention, Malicious proxy detection, stale session cleanup.
- Secure Communication also includes robust Session Management capabilities which also result in the following ‘self-defending’ protection capabilities: Certificate & Trusted CA Pinning, Enforce TLS Ciphers and TLS Versions, enforce certificate roles, static client pinning, and more.
- And finally, Appdome’s Mobile Privacy category includes mobile RASP features like Keylogger prevention, copy/paste prevention, and prevent screen-share. These features often serve a dual-use in that they protect both end-user privacy as well as your own corporate data from attacks such as Credential Stuffing and other common attack techniques.
I’d say that’s a heckova-lotta mobile app security, wouldn’t you agree? Now I’m no mobile developer (although I have played one on TV to not-so-critical acclaim), but I have delivered many products over the years in my prior life as a product dude. That said, I’d be hard-pressed to come up with an estimate of how long, how much, and how many people it would take me to build all that security into a mobile app the old school way – by manually coding the features into the app’s source code. Frankly, I wouldn’t even attempt it, but if I had no choice, my estimate might look like this:
- 1-2 Android mobile devs
- 1-2 iOS mobile devs
- 1 cross-platform dev
- 1 Secops
- 1 Devops
- 1 project mgr
- 1-2 QA)
- 6 to 18 months per app (if you own the app)
- Never (if you don’t own the app, you can’t code to apps you don’t own)
- Alot! Do the math, calculate the loaded annual salary of each of the personas above and multiply it by anywhere between .5 and 1.5. No matter how you slice it, the number will be very large. (Or use your own figures if you think my math is ‘fuzzy’).
Or make your life easier, come to Appdome and click to integrate mobile RASP to any iOS or Android app in minutes via Appdome – ZERO Code Mobile App Security.
You’ll be done in less time than it took you to read this blog (or type TL;DR)