Mobile security in the B2C Market: Mobile App Protection and Fraud Prevention

Pedro Hernández

20th June 2019

Bangkok, Thailand

Service Providers have to take a Mobile First Approach to address the Consumers

There is a Diversity of Devices in the hands of the consumers, and Service Providers have to tackle it

With Security breaches, there is no way back: once the paste is out, it can’t be put back in

Options

The OEM ecosystem route

The WEB App route

The hardened App route

Neglecting “State-of-the-Art” technology in mobile apps

Example: Insufficient security in mobile apps in German banks and the automotive industry

Source: “On App-based Matrix Code Authentication in Online Banking”, 2016

https://securelist.com/analysis/publications/77576/mobile-apps-and-stealing-a-connected-car/

Lack of Binary Protections

• 97% of all apps tested lacked binary code protection: reverse engineering and decompilation are possible, exposing source code to analysis and tampering

Unintended Data Leakage

• 90% of the apps tested shared services with other applications on the device: data from the app is accessible to any other application on the device

Insecure Data Storage

• 83% of the apps tested insecurely stored data outside of the app's control, allowing shared access with other apps and exposing a new attack surface via APIs

Weak Encryption

• 80% of the apps tested implemented weak encryption algorithms, allowing adversaries to decrypt sensitive data and manipulate or steal it as needed

Present day situation has not improved

Source: https://www.prnewswire.com/news-releases/analyst-report-financial-institutions-put-consumer-data-at-risk-by-failing-to-protect-mobile-apps-300822488.html

Build38 Security Wheel

[Figure: Build38 Security Wheel. Labels: Secure Storage; Key Protection Manager; Fast En- & Decrypt; HW-Backed Storage; Attestation; Emulator Detection; Debugger Detection; Jailbreak Detection (iOS); Runtime Integrity; Rooting Detection (Android); Secure Channel; API Protection; Key Management; Personalized App Security Management; T.A.K License Mgmt.; Analytics; Device Binding; File Protector; ID Protection; Bot Protection; App control (MAM); Insights; Android Re-packing; Anti-Cloning; Next future threat …; Real-time Trust Level]

Read what Gartner says about our solution! Market Guide for Application Shielding

Top reasons for working with an App Protection Provider

Provisioning: Mobile market conformity – app security w/o the overhead of a MDM / MAM

▪ Automated app life cycle management
▪ Per app/device basis: Steer application security and get insights

Speed: Meet timelines – time-to-market is crucial for success

▪ Fastest to integrate mobile application focused security SDK
▪ Designed with a developer mindset
▪ Developers' focus is on app development, while mobile app security is built-in

Budget: Meet budget

▪ No need to engage expensive and scarce security specialists

Compliance: Tick of security controls

▪ Meet regulatory or organizational compliance goals with one SDK
▪ Increase the security level of the mobile app on all Android and iOS devices
▪ Know what the apps are doing and react accordingly

The client and cloud framework allows real time risk and fraud prevention for real time decision making

[Diagram: Trusted Application Kit by Build38. Labels: T.A.K I/F; Fraud Mgmt.; Mobile App; Business Logic; T.A.K Client Library; Service Provider; T.A.K Cloud; Insights & Analytics; Build System; App Backend; Dashboard; Dev. & CI; API]

Faster than Anyone Else

Build, Test, Deploy: REST based API for integration into DevOps cycle for continuous integration

Knowledge is Power

Insights & Analytics: Information gain: know what your device base is doing. Fight threat and fraud early.

Trust is Essential

Control is better: Base your decision on an outside opinion, and not what the app tells you

Closer to the customer

Quick issue response: Multi-channel Service Mgmt.

Scale fast, easy setup

Automated Infrastructure: Infrastructure-as-Code (IaC, Terraform)

Overview of companies who trust our solution

Consortium of: Authentication

Transit

Energy

Automotive

and more

Note: Not allowed to show all logos of customers

multi-million Apps already secured for large APAC energy retailer

THE ONE essential security solution for Mobile Apps and Assets

On the device | In your backend | For your SOC | Against Fraud

▪ Self defending App protects itself
▪ Platform agnostic
▪ Security for keys, data, and code
▪ Transparent usage for the customer
▪ Secure channels to unsecure devices
▪ Anti cloning for IDs
▪ API protection
▪ Personalisation per App (and user)
▪ Password less FIDO
▪ 3rd Factor security
▪ Mobile application management
▪ Threat detection
▪ Insights on trust levels and attacks
▪ Backchannel for the self defending App
▪ Real time monitoring
▪ Social engineering disabled by 3rd factor security
▪ Trust level KPIs
▪ Strong authentication
▪ GDPR compliance enablement

Your contact person for questions about our solution. We are looking forward to assessing your ecosystem with you.

Pedro Hernández

Managing Director APAC and Co-Founder

+65 9003 5357

pedro.hernandez@build38.com

www.build38.com

www.linkedin.com/in/pedro-hernandez-pena/

Meet us:

Cybertech Asia | Bangkok | 19-20.06.2019

RSA APJ | Singapore | 16-18.07.2019

itsa | Nürnberg | 8.-10.10.2019

IOT Solutions World Congress | Barcelona | 29.-31.10.2019
