Source Code Protection in Hybrid Mobile Apps
December 14th, 2020 | By Pedro Fortuna and Neal Michie
Hybrid mobile apps have become business assets. Perhaps you’ve heard the phrase “every company is an app company” before.
Mobile apps have effectively transformed whole industries like transportation, media, retail, and accommodation, making it extremely easy for consumers to engage with service providers and for those providers to deliver a uniform experience wherever their customers are located.
This year alone, mobile banking app usage has doubled in the US, and we see a similar pattern worldwide. However, the strength of mobile can quickly become a weakness if companies don’t pay enough attention to their security risks.
Hybrid Mobile Apps, Security, and Trust
Trust is an essential component of any business. And while trust and security are often confused, they are interlinked; if security is compromised, it can quickly break down years of hard-earned trust.
Mobile apps face a tough scenario when it comes to security.
When companies release their apps unprotected into the wild, they are putting them at risk of attacks.
Through reverse engineering, attackers can analyze the whole app and find assets such as proprietary code or how personal data is stored.
Technical risk quickly becomes a business liability. For instance, the lack of compliance with data protection regulations such as GDPR and CCPA might create headaches for business owners.
Mobile security for mobile banking apps
Research by Verimatrix regarding the state of mobile security for mobile banking apps shows that 95% of banking apps aren’t taking the appropriate security steps.
This tendency spans different industries, such as video streaming and OTT. Mostly, the reason behind this is a lack of client-side security.
The Client-Side Security of Hybrid Mobile Applications
This liability has been explored in some of the most common security standards and frameworks.
The ISO 27001 standard, for instance, states that “program source code can be vulnerable to attack if not adequately protected and can provide an attacker with a good means to compromise systems in an often covert manner.”
And OWASP advises that “the mobile app must be able to detect at runtime that code has been added or changed (…) The app must be able to react appropriately at runtime to a code integrity violation.”
How can development teams ensure that their source code is protected?
For more details on this, watch our webinar, where these protections are explored and demonstrated by Pedro Fortuna, CTO of Jscrambler, and Neal Michie, Director of Product Management at Verimatrix.