Appdome TOTALData Encryption is one of the cornerstones of our Mobile Security Suite. This mobile data encryption solution protects all application data coded, created, and used by the mobile app.
What is Mobile Data Encryption?
As we discussed in a previous blog, every Android and iOS app handles data in three states: data at rest (also known as DAR), data in use, and data in transit.
- Data at rest is mobile app data that is persistent and stored in the application sandbox.
- Data in use is data from the application sandbox that is temporarily stored in the application memory.
- Data in transit is mobile app data sent from the app to outside servers or other app users.
Data at rest encryption (DAR encryption), data in use encryption, and data in transit encryption build data protection for mobile apps. This ensures that any unauthorized party that tries to access the data, regardless of the state the data is in, won’t be able to read it.
Why is App Encryption Important?
Data at rest encryption is the foundational method of any mobile security model. In-app encryption is used to protect the data stored inside a mobile app or data stored by a mobile app in the application sandbox, preferences, or other areas.
Examples of data created and stored by the app are personally-identifying information (PII) such as usernames, passwords, account details, payment methods, and more. Mobile apps also contain all your development information, such as APIs, keys and secrets, backend service URLs, authentication tokens, preference and permissions data, and the certificates used for pinning and validation.
Without this data, nothing works. With so many different ways that apps generate data, there is simply no one-size-fits-all approach to secure data. This is why manually coding Android data at rest encryption and iOS database encryption is such a daunting undertaking.
In addition, this data is very valuable for hackers and can lead to account takeovers, identity theft, credential theft, credential stuffing, DDoS, and other attacks and exploits.
Appdome TOTALData Encryption
The ability to create flexible encryption models to suit different mobile app use cases is what makes TOTALData™ Encryption so powerful. By default, Appdome uses industry-standard AES-256 encryption (Enterprise Grade). However, users also have the ability to utilize FIPS 140-2 encryption (military grade) to protect all data stores. This makes their apps FIPS 140-2 compliant and meets the security requirements for US Federal and National Defense use cases.
Mobile encryption and decryption are resource-intensive processes, and Appdome optimizes these by dynamically generating symmetric encryption keys at runtime. Each symmetric key is generated by Appdome using industry-standard AES mechanisms. The keys are never stored on the mobile device and are derived at runtime. By default, Appdome generates and uses its own encryption keys.
The First Comprehensive Mobile Data Encryption Service You Can Deploy in Under 5 Minutes
Implementing Appdome TOTALData Encryption in an app is easy on Appdome. Appdome users upload an app, select what mobile app data to protect and how to protect it, and click “Build My App.” Appdome’s mobile security platform takes care of the rest, replacing the work developers would do manually to protect the data of the app, including generating or managing keys, storing encryption keys, and fine-tuning the encryption list.
Appdome TOTALData Encryption is a complete solution. In addition to protecting the mobile app sandbox, it also encrypts in-app preferences, in-app strings & preferences, in-app secrets, signing keys and certificates, authentication tokens, client certs, and more. Customers have granular control over what to encrypt (and what to exclude). Customers can also generate and manage shared and seeded encryption keys from external systems.
Additional Data Encryption for Android
Appdome offers developers two additional methods to protect Android app data. The first method is to encrypt sensitive strings.xml values, which allows for XML encryption. The second method is to use Code Packing to encrypt the mobile app’s compiled Java code and decrypt it at runtime.
Appdome TOTALData Encryption Offers Better Encryption Controls
Appdome TOTALData Encryption offers unique Encryption Controls for Android encryption and iOS encryption:
- Encryption Using In-App Seed. Users can select from a variety of brand new key generation and management features. These features allow virtually endless combinations of shared and managed encryption keys, including seeded keys from external systems and derived keys generated from in-app events such as a log-in or other user event.
- SMARTApp™ Offline Access. This new capability provides mobile end-users offline access to encrypted files and data stored in the app, even if the app is not connected to a network. File access and other protected data can be set for a configurable time period, as long as relevant conditions are met.
- Secure Enclaves™. The newest generation of mobile microprocessors are now powered by chipsets designed from the ground up with segmented areas for encrypted data. In iOS, this concept is known as a “Secure Enclave”. In Android, it’s known as a “TrustZone”. Appdome Secure Enclaves automatically adjusts the encryption method to take advantage of these new secure enclaves, if available.
Recommendation for Developers
The value proposition for developers and non-developers alike is clear. Add Android data encryption and iOS data encryption to any mobile app, instantly, without code or coding. There are no prerequisites for the app. No SDK or library to add to the app. Just upload, select, and click “Build My App” to protect every piece of data created and used by your app today!
To learn more about Appdome’s encryption methods for data in transit, check out our KB article on MITM attack Protection.
This blog was first published on May 5, 2019, and was updated on June 12, 2020.