With the May 25th deadline to begin GDPR compliance looming, an increasing number of our customers are asking “How can Appdome help my mobile apps be GDPR ready?” With mandatory notifications for data breaches and stiff penalties for non-compliance, it’s a great question.
GDPR imposes three continuous requirements on all mobile apps – data protection, data minimization and privacy by design. Our users already know that on Appdome, anyone can add EMM, MDM and Appdome’s stand-alone security features to Android and iOS apps in seconds, no code or coding required. These features provide data protection by encrypting mobile app data, adding jailbreak and rooting protection, PIN codes, VPN, and remote management of the app and its data.
Appdome customers can also leverage several data minimization features on Appdome. These can be used to make general purpose apps fit for work use, using such features as disabling a mobile app’s access to personal contacts and calendars. This directs the app’s access to corporate data on corporate servers, protecting employee’s personal data as required by the new law. Appdome also offers a new service, called BoostEMM™, that allows organizations to connect secure browsing and secure mail clients to links passed between users inside apps. This closes important gaps presented by non-compliant email and browsing clients apps use by default.These features and more help Appdome customers instantly address the data minimization requirements of GDPR, for every mobile app provided to their end users.
The GDPR’s broad requirement for “privacy by design” is one of the most critical and toughest parts of the new law. In short, privacy by design means that organizations and developers must implement “appropriate technical measures” that ensure data-protection and integrate “the necessary safeguards” into the processing of personal data in order to meet the requirements of the GDPR and protect the rights of data subjects. It’s a broad requirement to do (add) technological safeguards that applies to all apps, all services implemented in apps and all providers of apps to end users.
There is no safe harbor for organizations that provide 3rd party apps or embed 3rd party SDKs/APIs in apps provided to their users. For developers, satisfying the privacy by design can be tough. App developers can only control the code that they write. They have no control over the SDKs and APIs that get embedded into apps. Enterprises and other organizations often provide 3rd party apps to their users. These organizations have zero-to-no control over how the 3rd party apps are built. More often than not, apps don’t have protections that protect the data, structure or resources of the app. Inside the code of an app itself, hackers can zero-in on non-compliant parts of the app, including strings and preferences where critical data about users and networks are stored. Ensuring privacy by design is one of the toughest parts of GDPR because it means that all elements of the app need to be protected.
Helping to ensure privacy by design is one of Appdome’s strongest value propositions. With every implementation completed on Appdome, customers are provided with advanced app hardening technologies under the brand ONEShield™. This service protects the service implemented on Appdome (like EMM, MDM, security, analytics, payment, etc.) and protects the app itself from tampering, reversing and debugging – all techniques hackers use to access personal data inside the app. Two recent additions to ONEShield offer features critical to achieving privacy by design. The first, called TOTALCode™ obfuscation, allows Appdome users to obfuscate the entire app binary generated on Appdome. The second, allows Appdome users to encrypt strings and preferences inside the app. Using these features, enterprises and developers can protect the structure of the app as well as the critical data like user names, service addresses, passwords, and in-app secrets stored in the app’s code.
As the May 25th deadline draws near, Appdome’s core value proposition is shining. Our customers can add data protection and privacy by design features to apps immediately, no code or coding required. Appdome customers do not re-write code. Appdome customers do not re-architect their apps. They also don’t wait for their app vendor or SDK vendor. Appdome customers simply upload an app to Appdome, select the services they want to add and click fuse my app. The Appdome platform does the rest, adding privacy by design to every implementation.
Thank you for using Appdome.