Application Security

9/12/2018
04:55 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Appdome Releases Two New Mobile App Security Protections

New industry-first capabilities protection mobile communications & the underlying mobile app

Redwood City, Calif – Sept. 12, 2018 – Appdome, the mobile industry's first no-code, cloud platform for mobile app integration, today announced new advanced security features within its Mobile App Security Feature Set to protect mobile communications and mobile applications from hackers and malicious activity.

Both features are industry firsts – providing new levels of security for Android and iOS apps not found elsewhere in the market. Further, new and existing mobile app security features can be implemented without access to source code, directly to the application binary in seconds, regardless of the development environment used to build the app.

"Mobile threats are increasing in frequency and sophistication, said Avi Yehuda, co-founder and CTO of Appdome. "App makers and mobile developers are demanding two critical things from the industry – more advanced protections to secure mobile communications and shield mobile applications at every level, and faster, more consistent ways of adding these protections."

The first of the new security features adds to Appdome's industry-leading TOTALCode™ Obfuscation solution. The new feature targets at Non-Native applications built in React Native, Cordova or Xamarin. These environments embed the business logic of apps outside of where a traditional iOS or Android application's code resides (i.e. storing business logic of apps in JavaScript and DLL files outside the app's main binary).

With this release, and without writing any code or touching source code at all, Appdome's TOTALCode Obfuscation can now obfuscate and protect the "extra" files deep inside non-native applications, thwarting any malicious agent that wants to extract or reverse-engineer these files. Appdome users can put these new features to use by selecting "File Obfuscation" within TOTALCode; feature set available on Appdome. With this release, Native and Non-Native applications share the same range of mobile app shielding options, including anti-reversing, anti-tampering, anti-debugging, encryption for strings and preferences and more. All app shielding features can be added without any performance tradeoffs or work typically associated with other solutions.

The second of the new security features is called Trusted Session Inspection. Trusted Session Inspection is an advanced Man-in-the-Middle protection model for Android and iOS apps that verifies the SSL connection on the go. The key element of Trusted Session Inspection is the ability to keep track of the SSL session and validate the CA authenticity as it is being sent. Trusted Session Inspection is stateful and has no performance impact on the app. It allows for malicious proxy detection regardless if the proxy is internal or external to the mobile device. It can also prevent an app from resuming unauthorized SSL sessions it did not initiate. With Trusted Session Inspection, Android and iOS apps are protected against all types of attacks, such as malicious proxy, ARP spoofing or any other session hijacking techniques.

Both new features are available now on Appdome. To add these new security features to an Android or iOS app, app makers and mobile developers simply sign in to Appdome's self-service, no-code platform, upload an .ipa (for iOS apps) or .apk (for android Apps), select the desired protections, and click "Fuse My App." In seconds, the new protections are added to each app and the newly secured apps are ready for deployment.

"Better security with less work for all mobile apps has been our motto from the start," Tom Tovar, CEO of Appdome said. "These features extend our leadership in making mobile app security a reality from first use across all Android and iOS apps."

About Appdome

Appdome is a productivity platform for mobile integration, providing the rapid integration of multiple third-party functions to apps, shortening the deployment cycle and connecting mobile apps to other services on demand. The codeless service operates as a mobile integration workflow in the cloud and allows users to perform integration projects on the final application package. No source code or development expertise is required. Likewise, no modifications to an app or an SDK are required to complete integration projects on the platform. The solution is currently used by the world's leading financial, healthcare and e-commerce companies to support productivity, compliance and security for consumers and employees. Appdome was rated a "Cool Vendor" in Mobile Security by Gartner in 2015. The company is based in Silicon Valley, United States and Tel Aviv, Israel. For more information, visit www.appdome.com.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
It Takes an Average of 3 to 6 Months to Fill a Cybersecurity Job
Kelly Jackson Higgins, Executive Editor at Dark Reading,  3/12/2019
Box Mistakes Leave Enterprise Data Exposed
Dark Reading Staff 3/12/2019
How the Best DevSecOps Teams Make Risk Visible to Developers
Ericka Chickowski, Contributing Writer, Dark Reading,  3/12/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: LOL  Hope this one wins
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-6149
PUBLISHED: 2019-03-18
An unquoted search path vulnerability was identified in Lenovo Dynamic Power Reduction Utility prior to version 2.2.2.0 that could allow a malicious user with local access to execute code with administrative privileges.
CVE-2018-15509
PUBLISHED: 2019-03-18
Five9 Agent Desktop Plus 10.0.70 has Incorrect Access Control (issue 2 of 2).
CVE-2018-20806
PUBLISHED: 2019-03-17
Phamm (aka PHP LDAP Virtual Hosting Manager) 0.6.8 allows XSS via the login page (the /public/main.php action parameter).
CVE-2019-5616
PUBLISHED: 2019-03-15
CircuitWerkes Sicon-8, a hardware device used for managing electrical devices, ships with a web-based front-end controller and implements an authentication mechanism in JavaScript that is run in the context of a user's web browser.
CVE-2018-17882
PUBLISHED: 2019-03-15
An Integer overflow vulnerability exists in the batchTransfer function of a smart contract implementation for CryptoBotsBattle (CBTB), an Ethereum token. This vulnerability could be used by an attacker to create an arbitrary amount of tokens for any user.