Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Application Security

9/12/2018
04:55 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Appdome Releases Two New Mobile App Security Protections

New industry-first capabilities protection mobile communications & the underlying mobile app

Redwood City, Calif – Sept. 12, 2018 – Appdome, the mobile industry's first no-code, cloud platform for mobile app integration, today announced new advanced security features within its Mobile App Security Feature Set to protect mobile communications and mobile applications from hackers and malicious activity.

Both features are industry firsts – providing new levels of security for Android and iOS apps not found elsewhere in the market. Further, new and existing mobile app security features can be implemented without access to source code, directly to the application binary in seconds, regardless of the development environment used to build the app.

"Mobile threats are increasing in frequency and sophistication, said Avi Yehuda, co-founder and CTO of Appdome. "App makers and mobile developers are demanding two critical things from the industry – more advanced protections to secure mobile communications and shield mobile applications at every level, and faster, more consistent ways of adding these protections."

The first of the new security features adds to Appdome's industry-leading TOTALCode™ Obfuscation solution. The new feature targets at Non-Native applications built in React Native, Cordova or Xamarin. These environments embed the business logic of apps outside of where a traditional iOS or Android application's code resides (i.e. storing business logic of apps in JavaScript and DLL files outside the app's main binary).

With this release, and without writing any code or touching source code at all, Appdome's TOTALCode Obfuscation can now obfuscate and protect the "extra" files deep inside non-native applications, thwarting any malicious agent that wants to extract or reverse-engineer these files. Appdome users can put these new features to use by selecting "File Obfuscation" within TOTALCode; feature set available on Appdome. With this release, Native and Non-Native applications share the same range of mobile app shielding options, including anti-reversing, anti-tampering, anti-debugging, encryption for strings and preferences and more. All app shielding features can be added without any performance tradeoffs or work typically associated with other solutions.

The second of the new security features is called Trusted Session Inspection. Trusted Session Inspection is an advanced Man-in-the-Middle protection model for Android and iOS apps that verifies the SSL connection on the go. The key element of Trusted Session Inspection is the ability to keep track of the SSL session and validate the CA authenticity as it is being sent. Trusted Session Inspection is stateful and has no performance impact on the app. It allows for malicious proxy detection regardless if the proxy is internal or external to the mobile device. It can also prevent an app from resuming unauthorized SSL sessions it did not initiate. With Trusted Session Inspection, Android and iOS apps are protected against all types of attacks, such as malicious proxy, ARP spoofing or any other session hijacking techniques.

Both new features are available now on Appdome. To add these new security features to an Android or iOS app, app makers and mobile developers simply sign in to Appdome's self-service, no-code platform, upload an .ipa (for iOS apps) or .apk (for android Apps), select the desired protections, and click "Fuse My App." In seconds, the new protections are added to each app and the newly secured apps are ready for deployment.

"Better security with less work for all mobile apps has been our motto from the start," Tom Tovar, CEO of Appdome said. "These features extend our leadership in making mobile app security a reality from first use across all Android and iOS apps."

About Appdome

Appdome is a productivity platform for mobile integration, providing the rapid integration of multiple third-party functions to apps, shortening the deployment cycle and connecting mobile apps to other services on demand. The codeless service operates as a mobile integration workflow in the cloud and allows users to perform integration projects on the final application package. No source code or development expertise is required. Likewise, no modifications to an app or an SDK are required to complete integration projects on the platform. The solution is currently used by the world's leading financial, healthcare and e-commerce companies to support productivity, compliance and security for consumers and employees. Appdome was rated a "Cool Vendor" in Mobile Security by Gartner in 2015. The company is based in Silicon Valley, United States and Tel Aviv, Israel. For more information, visit www.appdome.com.

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-30481
PUBLISHED: 2021-04-10
Valve Steam through 2021-04-10, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click.
CVE-2021-20020
PUBLISHED: 2021-04-10
A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root.
CVE-2021-30480
PUBLISHED: 2021-04-09
Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. An attacker must be within the same organization, or an external party who has been accepted as a contact. NOTE: this is specific to the Zoom Chat softw...
CVE-2021-21194
PUBLISHED: 2021-04-09
Use after free in screen sharing in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21195
PUBLISHED: 2021-04-09
Use after free in V8 in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.