Appdome TOTALData Encryption is one of the cornerstones of our Mobile Security Suite. This mobile data encryption solution protects all application data coded, created, and used by the mobile app.
What is Mobile Data Encryption?
As we discussed in a previous blog, every Android and iOS app handles data in three states: data at rest (DAR), data in transit, and data in use (also called data in memory).
- Data at rest is persistent data, stored in the application sandbox
- Data in transit is mobile app data sent from the app to outside servers or other app users
- Data in use is data from the application sandbox that is temporarily stored in the application memory while the app is running
Encrypting data at rest (DAR encryption), data in use, and data in transit is a fundamental component of protecting data in mobile apps. The goal is that an unauthorized party who obtains the data, whatever state it is in, cannot read it without the key.
Why is it important to Encrypt Mobile App Data?
Data encryption is a foundational method of any mobile security model. In-app encryption protects the data stored inside the mobile app sandbox and in other locations such as resource files and folders and app preferences.
Mobile apps create, store, use and process a lot of data. Examples of data created and stored by the app are user credentials and personally identifiable information (PII) such as usernames, passwords, account details, payment methods, and more. Mobile apps also contain development and configuration data, such as API endpoints, keys and secrets, backend service URLs, authentication tokens, app preferences and permissions data, and the certificates used to transmit data.
All of that data is valuable: to users, to enterprises, and to cybercriminals. Cybercriminals make a living monetizing stolen mobile data, and they harvest it to carry out account takeovers, identity theft, credential theft, credential stuffing, and other attacks.
Why is mobile data encryption difficult?
Mobile app data is extremely diverse and heterogeneous (both across apps and within the same app). Differences in data structure, data type, size, frequency of reads/writes, and length of storage typically drive implementation differences in terms of the encryption methods, algorithms and cipher suites, each of which can impact performance significantly.
With so many different ways that apps generate data, there is simply no one-size-fits-all approach to secure or encrypt data. This is why manually coding Android data at rest encryption and iOS database encryption is such a daunting undertaking.
How Does Appdome Make Mobile Data Encryption Easy?
Implementing Appdome TOTALData Encryption in an app is easy. Appdome users upload an app, select what data to protect and how, and click “Build My App.” Appdome’s mobile security platform takes care of the rest, replacing the work developers would otherwise do by hand: generating and managing keys, storing encryption keys, and fine-tuning the list of what gets encrypted.
Appdome TOTALData Encryption is a complete solution. In addition to protecting the mobile app sandbox, it also encrypts in-app preferences and strings, in-app secrets, signing keys and certificates, authentication tokens, client certificates, and more. Customers have granular control over what to encrypt (and what to exclude). Customers can also generate and manage shared and seeded encryption keys from external systems.
The ability to create flexible encryption models to suit different mobile app use cases is what makes TOTALData™ Encryption so powerful. By default, Appdome uses industry-standard AES-256 encryption. Users can also choose FIPS 140-2 compliant encryption to protect all data stores, which helps the app meet the security requirements of US Federal and National Defense use cases. Note that FIPS 140-2 validation is a property of a cryptographic module rather than of an app as a whole, so how the rest of the app handles keys and data still matters for compliance.
Encryption and decryption are resource-intensive, so Appdome uses symmetric AES keys and generates them dynamically at run time. The keys are never stored on the mobile device; they are derived each time they are needed. A key that is never written to storage cannot be lifted from the sandbox or a device backup, so an attacker would instead have to reproduce the inputs to the derivation.
Additional Data Encryption for Android
Appdome offers developers two additional methods to protect Android app data. The first encrypts sensitive values in strings.xml, so resource strings are not left in cleartext inside the APK. The second, Code Packing, encrypts the mobile app’s compiled Java code and decrypts it at run time.
Mobile Data Encryption Controls
Appdome TOTALData Encryption offers unique Encryption Controls for Android encryption and iOS encryption:
- Encryption Using In-App Seed. Users can select from a variety of key generation and management features, allowing virtually endless combinations of shared and managed encryption keys, including seeded keys from external systems and derived keys generated from in-app events such as a log-in or other user event.
- SMARTApp™ Offline Access. This capability provides mobile end-users with offline access to encrypted files and data stored in the app, even when the app has no network connection. For an added measure of security, customers can set conditions that must be met before the user is allowed to access encrypted mobile data while offline.
- Secure Enclaves™ – Current mobile chipsets include dedicated, isolated hardware for holding and using key material. On iOS this is the Secure Enclave, a separate coprocessor. On Android the equivalent is the hardware-backed Keystore, implemented either in a Trusted Execution Environment (typically ARM TrustZone) or, on newer devices, in a dedicated StrongBox secure element. Appdome Secure Enclaves automatically adjusts the encryption method to take advantage of this hardware on devices that have it.
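To make the "derived at run time, never stored" model and the In-App Seed control concrete, here is an added example (it is not Appdome's code and does not describe Appdome's actual key schedule). It assumes two hypothetical inputs, a build-time app seed and a per-session secret produced by a login event, and combines them with HKDF-SHA256 (RFC 5869) into an AES-256-GCM key. Nothing is persisted: the same inputs always reproduce the same key, and a different login secret yields a key that fails GCM authentication instead of producing garbage plaintext.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"io"
)

// hkdfSHA256 implements RFC 5869 extract-then-expand with SHA-256.
func hkdfSHA256(ikm, salt, info []byte, length int) []byte {
	if len(salt) == 0 {
		salt = make([]byte, sha256.Size) // RFC 5869: default salt is HashLen zeros
	}
	ext := hmac.New(sha256.New, salt)
	ext.Write(ikm)
	prk := ext.Sum(nil)

	var out, prev []byte
	for i := byte(1); len(out) < length; i++ {
		exp := hmac.New(sha256.New, prk)
		exp.Write(prev)
		exp.Write(info)
		exp.Write([]byte{i})
		prev = exp.Sum(nil)
		out = append(out, prev...)
	}
	return out[:length]
}

// deriveDataKey builds a 32-byte AES-256 key from a hypothetical in-app seed
// and a login-derived secret. Nothing is written to storage; re-running the
// derivation with the same inputs yields the same key.
func deriveDataKey(appSeed, loginSecret []byte) []byte {
	ikm := append(append([]byte{}, appSeed...), loginSecret...)
	return hkdfSHA256(ikm, []byte("example-app-salt-v1"), []byte("data-at-rest-key"), 32)
}

// Seal encrypts plaintext with AES-256-GCM and prepends the random nonce.
func Seal(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// Open reverses Seal; it errors if the key is wrong or the data was tampered with.
func Open(key, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, nil)
}

func main() {
	appSeed := []byte("build-time-seed-example")      // constructed sample input
	loginSecret := []byte("session-token-from-login") // constructed sample input

	key := deriveDataKey(appSeed, loginSecret)
	sealed, err := Seal(key, []byte(`{"account":"1234","token":"abc"}`))
	if err != nil {
		panic(err)
	}
	fmt.Println("sealed:", hex.EncodeToString(sealed))

	// Same inputs -> same key -> decrypts.
	pt, err := Open(deriveDataKey(appSeed, loginSecret), sealed)
	fmt.Println("correct seed:", string(pt), err)

	// Different login secret -> different key -> GCM authentication fails.
	_, err = Open(deriveDataKey(appSeed, []byte("another-user")), sealed)
	fmt.Println("wrong seed:", err)
}
```

The caveat a practitioner should keep in mind: a key derived at run time is only as secret as its inputs. If the seed is a constant embedded in the binary and the login secret is recoverable from memory, an attacker on a rooted device can replay the derivation, which is why the page's Secure Enclaves control (hardware-backed keys) is the stronger complement to this approach.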
Recommendation for Developers
The value proposition for developers and non-developers is clear. Using Appdome, you can implement mobile data encryption in any mobile app without coding, saving a lot of work, time and effort. You don’t need to change your app in any way: there is no Appdome SDK and no libraries to add. Just upload an app binary, select the encryption features you need, and click “Build My App” to protect the data your app creates and uses.
To learn more about Appdome’s encryption methods for data in transit, check out our KB article on MITM attack Protection.