Appdome TOTALData™ Encryption is one of the cornerstones of our Mobile Security Suite. This mobile data encryption solution protects all application data coded, created, and used by the mobile app.
What is Mobile Data Encryption?
As we discussed in a previous blog, data in every Android and iOS app exists in three states: data at rest (DAR), data in transit, and data in use (also known as data in memory).
- Data at rest is persistent data, stored in the application sandbox
- Data in transit is mobile app data sent from the app to outside servers or other app users
- Data in use is data from the application sandbox that is temporarily stored in the application memory while the app is running
Data at rest encryption (DAR encryption), data in use encryption, and data in transit encryption are fundamental components of protecting data in mobile apps. Encrypting data in all three states ensures that any unauthorized party that tries to access the data, regardless of the state the data is in, won’t be able to read it.
Why Is it Important to Encrypt Mobile App Data?
Data encryption is a foundational method of any mobile security model. In-app encryption is used to protect the data stored inside a mobile app sandbox and in other areas, such as resource files/folders and app preferences.
Mobile apps create, store, use and process a lot of data. Examples of data created and stored by the app are personally identifiable information (PII) such as usernames, passwords, account details, payment methods, and more. Mobile apps also contain all your development information, such as APIs, keys and secrets, backend service URLs, authentication tokens, app preferences and permissions data, and the certificates used to transmit data.
And all of that data is valuable (valuable to users, valuable to enterprises, and valuable to cybercriminals). Cybercriminals make a living monetizing stolen mobile data. Hackers also harvest mobile data in order to execute account takeovers, identity theft, credential theft, credential stuffing, DDoS, and other attacks and exploits.
Not encrypting the data in your app is almost an invitation to hackers to use the data in your app for malicious purposes. Case in point: in January 2021, the social media app Parler was hacked. Hackers were able to reverse-engineer the Parler iOS app in order to find a web address that the application uses internally to retrieve data. The hackers then used this network information to access the backend servers to launch their attack. This attack would have been easily avoidable if the app had used data encryption.
Why Is Mobile Data Encryption Difficult?
Mobile app data is extremely diverse and heterogeneous (both across apps and within the same app). Differences in data structure, data type, size, frequency of reads/writes, and length of storage typically drive implementation differences in terms of the encryption methods, algorithms and cipher suites, each of which can impact performance significantly.
With so many different ways that apps generate data, there is simply no one-size-fits-all approach to secure or encrypt data. This is why manually encrypting mobile app data in Android and iOS apps is such a daunting undertaking. 100% of the work falls on the developer. SDK-based and manual encryption methods offer an unknown outcome and, if done incorrectly, can degrade performance and user experience.
How Does Appdome Make Mobile Data Encryption Easy and Unique?
Implementing Appdome TOTALData Encryption in an app is easy on Appdome. Appdome users upload an app, select what mobile app data to protect and how to protect it, and click “Build My App.” Appdome’s mobile security platform takes care of the rest, replacing the work developers would do manually to protect the data of the app, including generating or managing keys, storing encryption keys, and fine-tuning your encryption list.
Appdome TOTALData Encryption is a complete and unique solution. Unlike SDK-based and manual encryption methods that only encrypt part or all of the application sandbox, TOTALData Encryption encrypts both data stored in the sandbox and data stored throughout the code. Without data in the code, the app does not work. This data is stored in the app preferences, strings, resources and in-app secrets, strings.xml values, and Java class .dex files. This data includes usernames, passwords, API keys, SSL certificates, server URLs and passwords, authentication tokens, client certificates, and more. Encrypting all this data without impacting the app’s functionality or performance is very hard.
Appdome dynamically encrypts all data generated and stored in the app at runtime using industry-standard AES 256 cryptographic protocols. Appdome’s implementation for Android data encryption and iOS data encryption does not impact app behavior, functionality or performance. Customers have granular control over what to encrypt (and what to exclude). This ability to create flexible encryption models to suit different mobile app use cases is what makes TOTALData™ Encryption so powerful. By default, Appdome uses industry-standard AES 256 encryption (Enterprise Grade). However, users also have the ability to utilize FIPS 140-2 encryption (military grade) to protect all data stored. This makes their apps FIPS 140-2 compliant and meets the security requirements for US Federal and National Defense use cases.
Dynamic Encryption Key Management
Another major differentiation is how Appdome generates and manages encryption keys. Mobile encryption and decryption are resource-intensive processes, and Appdome optimizes these by dynamically generating symmetric encryption keys at runtime. Each symmetric key is generated by Appdome using industry-standard AES mechanisms. The keys are never stored on the mobile device and are derived at runtime. Because Appdome dynamically generates the encryption keys at runtime, only the data the app needs to complete the function the user wants gets decrypted. This ensures optimal performance and eliminates any negative user experience.
Mobile Data Encryption Controls
Appdome TOTALData Encryption also offers unique Encryption Controls for Android encryption and iOS encryption:
- Encryption Using In-App Seed. Users can select from a variety of key generation and management features. These features allow virtually endless combinations of shared and managed encryption keys, including seeded keys from external systems and derived keys generated from in-app events such as a log-in or other user event.
- SMARTApp™ Offline Access. This new capability provides mobile end-users offline access to encrypted files and data stored in the app – even if the app is not connected to a network. For an added measure of security, customers can even set conditions that need to be met in order to allow the user to access encrypted mobile data while offline.
- Secure Enclaves™. The newest generation of mobile microprocessors are now powered by chipsets designed from the ground up with dedicated/segmented areas for encrypted data. In iOS, this concept is known as a “Secure Enclave”. In Android, it’s known as a “TrustZone”. Appdome Secure Enclaves automatically adjusts the encryption method to take advantage of these new secure enclaves (on mobile devices that have these new chipsets).
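The key-management section and the In-App Seed control above both describe keys that are derived at runtime, for instance from a log-in event, and never stored on the device. A minimal sketch of that general pattern follows, as an added example that is not Appdome's implementation: the use of scrypt and AES-256-GCM from Node.js's built-in crypto module, and every name and value in it, are assumptions made for illustration.

```javascript
// Added example: constructed names and values, not Appdome's code.
const crypto = require('node:crypto');

// Derive a 256-bit key from a secret that exists only at runtime (for
// example, what the user enters at log-in). The salt is not secret.
function deriveKey(loginSecret, salt) {
  return crypto.scryptSync(loginSecret, salt, 32);
}

// Encrypt one record. The returned object is everything that is persisted:
// salt, nonce, ciphertext and authentication tag, but never the key.
function sealRecord(loginSecret, plaintext) {
  const salt = crypto.randomBytes(16);
  const nonce = crypto.randomBytes(12); // fresh nonce for every record
  const key = deriveKey(loginSecret, salt);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const tag = cipher.getAuthTag();
  key.fill(0); // best-effort wipe of the in-memory key
  return { salt, nonce, ciphertext, tag };
}

// Re-derive the key and decrypt. Returns null when the secret is wrong or
// the stored record was modified (GCM tag verification fails).
function openRecord(loginSecret, record) {
  const key = deriveKey(loginSecret, record.salt);
  try {
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, record.nonce);
    decipher.setAuthTag(record.tag);
    return Buffer.concat([decipher.update(record.ciphertext), decipher.final()]).toString('utf8');
  } catch (err) {
    return null;
  } finally {
    key.fill(0);
  }
}

// Constructed sample input.
const sample = sealRecord('constructed-login-secret', 'api_token=constructed-value');
console.log(Object.keys(sample));                              // fields written to storage
console.log(openRecord('constructed-login-secret', sample));   // original plaintext
console.log(openRecord('wrong-secret', sample));               // null
```

The protection in this sketch is only as strong as the runtime secret: a key derived from a value that is itself stored in the app or on the device can be re-derived by anyone who extracts that value.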
Recommendation for Developers
The value proposition for developers and non-developers to implement mobile data encryption is clear. You can save a lot of work, time and effort using Appdome to implement mobile data encryption in any mobile app – instantly, without code or coding. You don’t need to change your app in any way in order to implement data encryption using Appdome. The workflow is the same for Android data encryption as it is for iOS data encryption. There’s no Appdome SDK, and you don’t need to add any libraries. Just upload an app binary, select the encryption features you need, and click “Build My App” to protect every piece of data created and used by your app today!
To learn more, download the Appdome TOTALData Encryption datasheet, read the KB article, or create your account and get started with Appdome today.
To learn more about Appdome’s encryption methods for data in transit, check out our KB article on MITM attack Protection.