Source Code Protection in Hybrid Mobile Apps
December 14th, 2020 | By Pedro Fortuna and Neal Michie
Perhaps you’ve heard the phrase “every company is an app company” before. Mobile apps have effectively transformed whole industries like transportation, media, retail, and accommodation.
Mobile apps make it extremely easy for consumers to engage with service providers and deliver a uniform experience wherever they are located.
This year alone, mobile banking app usage has doubled in the US and we see a similar pattern all around the world. But the strength of mobile can quickly become a weakness if companies don’t pay enough attention to their security risks.
Trust is an essential component of any business. Trust and security are often confused, but they are interlinked: if security is compromised, years of hard-earned trust can quickly break down.
Mobile apps face a tough scenario when it comes to security. When companies release their apps unprotected into the wild, they are putting them at risk of serious attacks. Through reverse engineering, attackers can analyze the whole app and find important assets such as proprietary code or how personal data is stored. This technical risk quickly becomes a key business liability, for instance through lack of compliance with data protection regulations such as GDPR and CCPA.
Research by Verimatrix shows that 95% of banking apps aren’t taking the appropriate security steps, and this tendency spans other industries such as video streaming and OTT. In most cases, the reason is a lack of client-side security.
This liability is addressed in some of the most common security standards and frameworks. The ISO 27001 standard, for instance, states that “Program source code can be vulnerable to attack if not adequately protected and can provide an attacker with a good means to compromise systems in an often covert manner.” OWASP likewise advises that “The mobile app must be able to detect at runtime that code has been added or changed (…) The app must be able to react appropriately at runtime to a code integrity violation.”
For more details on this, join our upcoming webinar where these protections will be explored and demonstrated in-depth by Pedro Fortuna, CTO of Jscrambler, and Neal Michie, Director of Product Management at Verimatrix.
Register for free here.