Threat and risk data is critical to combating mobile fraud. Everyone knows that. The more important challenge has been “when,” “where” or “how” to leverage this data to defeat fraud. Threat data has been widely used for some time as part of a post-transaction evaluation process to detect fraud. More recently, using threat data to preempt fraud has grown in popularity. Each approach, reactive or proactive, has pros and cons.
What if threat data could be used in the moment of a transaction to deliver just-in-time fraud prevention to every mobile user on the planet? In the past, this has been a computationally resource-intensive challenge. What if that computational challenge can be eliminated so that detailed mobile attack and threat data can be used by mobile services and applications easily?
Basic History of Using Threat Data to Combat Fraud
The oldest method of using data to combat fraud has been to use post-transaction signals and analysis to evaluate transactions for evidence of fraud. In the earliest days, this was done manually. Then, machines were used to speed up and improve analysis. The downside of this approach is that it delays detection until the fraud event has already occurred and lessens the ability of the solution to reduce financial losses. Fraud may be detected, but if detection happens after the fact, the result is significantly less valuable to both the brand and the consumer. This approach is used to determine whether to reimburse the victim, not eliminate fraud.
Preemptive fraud detection services started emerging in the early 2000s. These systems used machine learning models to learn from historical data and identify complex patterns and anomalies that are indicative of fraud. Starting in the 2010s, AI and deep learning models started being used to analyze not just transaction data, but also unstructured data such as emails and social media, providing a more comprehensive view of potential threats. These products promised the ability to use these large data sets to more accurately detect patterns of fraud, stop fraudulent transactions and reduce financial losses. However, preemptive anti-fraud solutions came with a higher price tag, not only in terms of investment, but also in complexity, in the time and resources required to fine-tune the system, and in higher-than-expected false positive rates.
Appdome’s Vision for Democratizing Fraud Data
As part of our service, we have observed a staggering number of fraud and other security events from billions of mobile app installations from approximately 144,000 Appdome-protected mobile apps built and released to the public app stores via our platform. Currently, we receive, analyze and monitor roughly 13 billion security and fraud events from mobile applications per month. This number is expected to grow to 1.3 trillion fraud, malware, and security events per month by this time next year.
We’ve studied this data and compared it to the telemetry available in most mobile services consumed via SDKs in Android and iOS apps. The gap between the threats and attacks that are happening in and to mobile applications, and the data used in mobile service SDKs, alarmed us. On average, mobile service SDKs – including payment, authentication, advertising, bot defense and other SDKs – consume only 2 to 3 threat or risk signals. Consider, for example, a typical anti-bot SDK: its security and fraud protections will typically cover jailbreak/root detection and emulator protection only. This means that most mobile service SDKs are blind to the real volume, range and diversity of attack, threat and risk data relevant to stopping fraud.
Seeing this, it hit us. The best thing we can do to support the mobile app economy is to democratize mobile fraud, threat and attack data by providing access to the intelligence framework that detects fraud, attack and threat data in mobile applications, and by allowing mobile service SDKs to consume as many threat signals as they need.
Real-world threats are numerous and highly diverse, and include data leakage, reverse engineering, malicious apps, code injection, malware, keylogging, overlay attacks, biometric spoofing (both fingerprint and facial), geo-fraud, device exploits, and clickjacking. The need for more robust and comprehensive fraud, attack and threat data in mobile services is clear.
The Vision of SDKProtect™ & Democratized Fraud Data
We asked ourselves a simple question – what if mobile SDK makers could employ 30, 300, or even 3,000 inspection points and know if the mobile device, OS, application, or connection has any activity that presents a fraud risk at the point of a transaction? Imagine using all that data in real time and just in time for a high-fidelity decision – in the SDK – to process that transaction or adjust the service to proactively respond to threats, including introducing new, altered or additional functionality or workflows inside the mobile application. That would be cool, way cool, if you ask me.
This vision is the foundation of SDKProtect™, Appdome’s new service designed to provide SDK makers with three benefits: (a) protection for mobile SDKs, (b) threat-monitoring in mobile SDKs, and (c) threat-streams of metadata for any number of mobile attack and threat vectors in the mobile app lifecycle. With SDKProtect, mobile SDK makers can easily meet compliance objectives. More importantly, mobile SDK makers can create, customize and use simple or complex threat streams to consume fraud, attack, threat and risk data in the mobile SDK in real time. The result is better decision-making and fraud prevention, without compromising service quality or the consumer’s mobile app experience.
The advantage of Appdome’s approach is that it levels the playing field for all mobile SDKs. Mobile SDK makers can catch up to their peers or adopt more rigorous detection models to support higher classes of services. Each of the 300+ Threat-Streams provides (1) a ThreatID, or name of the specific class of mobile attack or threat present at the time of the transaction, (2) the reasonData, or root cause, of the specific attack or threat triggering the event, and (3) detailed device, application, use, location and other metadata about the attack or threat. Optionally, this telemetry can include Appdome’s risk profiling data and be visualized through Appdome’s ThreatScope™ Mobile XDR monitoring solution to understand the scope of threats.
By democratizing access to real-time threat data and providing comprehensive security measures, Appdome is empowering SDK makers to build new services on top of this data and protect their mobile developer, mobile brand and enterprise customers more effectively. SDKProtect is not just a product; it’s a paradigm shift in how we approach mobile fraud prevention. As the mobile app ecosystem continues to evolve, SDKProtect will play a crucial role in safeguarding all of us against the ever-growing array of threats, ensuring a safer and more secure mobile experience for all users.
SDKProtect uses the same automated, no-code build system that integrates seamlessly into SDK makers’ CI/CD pipelines. It offers Certified Secure™ implementations to ensure a smooth release process between cyber and dev teams. Appdome’s automation approach is developer-friendly, ensuring no slowdown of the pipeline, no learning curve, and no additional work to implement our comprehensive coverage of 300+ mobile protections.
If you want to learn more about using Appdome SDKProtect, request a demo today.