Celebrating 500K App Builds Protected with Jscrambler: Lessons Learned
May 5th, 2020 | By Jscrambler | 5 min read
This week marks 500,000 app builds protected using Jscrambler.
During this decade, we invested extensively in R&D.
What did we learn from half a million protected builds (from over 43,000 users)?
JS Protection is Much More Than Obfuscation
On the contrary, Jscrambler isn’t an obfuscation tool that seeks to keep adding new features. It is a code protection technology that leverages tried-and-true techniques to address key security threats.
And this leads us to another key realization:
A great thing about protecting half a million app builds and working with over 43,000 users is getting to know in-depth several different attacks on source code.
Besides more obvious threats like intellectual property theft (as many applications have no choice but to ship proprietary logic on the client-side), we find more advanced threats like Automated Abuse, Piracy, and Data Leakage.
On the Web, abuse refers to exploiting the web application’s functionalities to gain access or privileges through the use of bots.
Automated attacks are concerning because they can target new versions of the code with minimal cost, which means that they can scale, hit more targets, or even allow attacks to be conducted remotely.
Cloud providers that offer free benefits for new accounts are often targeted, as attackers abuse this system to automate new trial account creation and use the benefits for mining cryptocurrencies, for example.
On the Web, users commonly submit data like their email, name, address, credit card number, or even medical information on a website using a form.
Management, Investors, and Regulators Call for JS Protection
As knowledge about Application Security becomes more widespread, we see source code protection becoming a standard. OWASP, for example, directly mentions this in their Mobile Top 10 Security Risks:
M8 Code Tampering
M9 Reverse Engineering
“The mobile app must be able to detect at runtime that code has been added or changed (…). The app must be able to react appropriately at runtime to a code integrity violation.”
“In order to prevent effective reverse engineering, you must use an obfuscation tool.”
And just last week, the National Institute of Standards and Technology (NIST) also dedicated a section of their secure software development white paper to “Protect Software”, stating:
Help prevent unauthorized changes to code, both inadvertent and intentional, that could circumvent or negate the intended security characteristics of the software. For code that is not intended to be publicly accessible, it helps prevent theft of the software and may make it more difficult or time-consuming for attackers to find vulnerabilities in the software.
Nobody put it better than one of our clients in Banking:
JS Doesn’t Stop, Attackers Don’t Stop: We Stay Ahead
Our mission has always been straightforward: to make sure companies can get the latest technology to safeguard their businesses in today’s context.
Just recently, we improved our protections by adding new features like Self-Destruct, and Self-Healing, while maximizing our compatibility with ES7/ES8, the main browsers, and JS frameworks and libraries.
We are truly proud of all these achievements and fulfilled by knowing that these 500,000 protected builds enabled our clients to push technology forward while keeping millions of users safe.
See you at 1 million!
Meanwhile, if you want to protect your own application builds with Jscrambler, start your free trial!
Must read next
Jscrambler Named in Deloitte’s Technology Fast 500
Jscrambler has been named in Deloitte’s Technology Fast 500 ranking of the fastest-growing technology companies in the EMEA region.
August 11, 2020 | By Jscrambler | 1 min read
Happy Holidays from Jscrambler - A Special Gift For You
To celebrate the holiday season, Jscrambler got you a very special present this winter. You have up until December 31 to get the discount. Hurry up!
December 22, 2017 | By Jscrambler | 2 min read