With the pandemic and rapid digital growth, security breaches and fraud have led to increased costs to the government, businesses, and insurers. In addition to the ransomware payments and lost funds, businesses have faced reputational damages and individuals have had their sensitive data leaked. Even the basic things that we need to live, such as water, have been threatened.
- Florida Water System – On February 9, an attacker tried to poison the water supply remotely.
- LinkedIn – On April 9, LinkedIn suffered a data leak affecting about 500M active users.
- United Kingdom Authorised Push Payment Fraud – In 2020, criminals used COVID-19 to target victims online, resulting in fraud losses of £479 million.
To address the rising costs of breaches and fraud, businesses have turned to insurers. Now these insured businesses are increasingly targeted by attackers. Ransomware claims are estimated to have increased 300% in the last year. Ransomware gangs such as REvil are targeting companies that have insurance. As a result, insurers have raised the bar for companies looking to get insurance to cover the costs of a breach. “Underwriters are demanding to see detailed proof of clients’ cybersecurity measures in ways they never have before.”
One way to show insurers and auditors that your company has implemented cybersecurity measures is to show that your apps protect against the OWASP Mobile Top 10 risks. This list covers the most common security flaws found in mobile applications. Many fraudsters and hackers use mobile apps to launch attacks, or misuse mobile apps to obtain data that is then used to abuse or weaponize the mobile app. In a previous blog, we discussed how Appdome Mobile Security addresses the OWASP Mobile Top 10 risks and stops hackers from attacking mobile apps. While Appdome Mobile Security protects against attacks, Appdome Mobile Fraud Prevention prevents abuse. Mobile fraud occurs when malicious users, automated programs, or malware weaponize or interact with mobile apps to generate fake events or steal identities, goods or currency, for example by abusing legitimate app or OS functionality or by misusing normal functions or development tools in unintended ways. Together, Appdome Mobile Security and Fraud Prevention provide developers and mobile businesses with one no-code solution to protect mobile apps from reverse engineering and attack, as well as to preempt and prevent mobile app fraud before it starts.
To understand how Appdome Mobile Fraud Prevention works, here are the ways it prevents the OWASP Mobile Top 10 vulnerabilities from leading to fraud.
- Appdome detects and blocks the use of non-approved keyboards to stop the exfiltration of keystroke information.
- Appdome detects and blocks overlay attacks that harvest confidential data and illegally transfer funds.
- Appdome blocks malware and malware methods such as key injection and accessibility abuse from being used to modify or interfere with the mobile app.
Appdome protects user and app-specific data stored in memory, and prevents fake values from being inserted into the application's memory.
- Appdome stops malicious apps and programs from interacting with your app to safeguard your business against mobile click farms, click bots, clickjacking, ad fraud and fake events.
- Appdome prevents dynamic instrumentation toolkits such as FRIDA, Magisk Hide and Magisk Manager from being used to interfere with your app, trick users, or create fake events.
- With Appdome, companies can stop credential-stuffing attacks and mobile botnets, and stop attackers from weaponizing your app in device farms, virtualized environments, and via Android Debug Bridge (ADB) to attack your mobile back end.
- With Appdome, mobile developers and publishers can ensure Android and iOS apps will not be copied or become trojan apps after the app is published to the public app store. Appdome validates that apps signed for Apple App Store and Google Play cannot be distributed through any other app stores and verifies the integrity of the app bundle and all its contents at runtime.
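The runtime bundle-integrity check described above can be illustrated with a manifest of per-file hashes that the app verifies against its own contents when it starts. The following is an added, platform-neutral example written for this post; it is not Appdome's code and does not show how Appdome performs its checks. It assumes a hypothetical `manifest.json` written at build time, a placeholder HMAC key (`MANIFEST_KEY`), and a constructed sample bundle created in a temporary directory so the script runs offline.

```python
"""Manifest-based bundle integrity check (added illustration, not Appdome's code)."""
import hashlib
import hmac
import json
import os
import tempfile

# Placeholder key for the illustration only. In a shipped app a static key is the weak
# point; a signature checked against a pinned public key, or platform code signing,
# is the stronger pattern.
MANIFEST_KEY = b"placeholder-manifest-signing-key"


def _file_digests(root):
    """Map each file path (relative to root, '/'-separated) to its SHA-256 hex digest."""
    digests = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in sorted(filenames):
            if name == "manifest.json":  # the manifest never lists itself
                continue
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            h = hashlib.sha256()
            with open(full, "rb") as f:
                for chunk in iter(lambda: f.read(65536), b""):
                    h.update(chunk)
            digests[rel] = h.hexdigest()
    return digests


def build_manifest(root, key=MANIFEST_KEY):
    """Build-time step: write manifest.json with file digests and an HMAC over them."""
    digests = _file_digests(root)
    body = json.dumps(digests, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    with open(os.path.join(root, "manifest.json"), "w") as f:
        json.dump({"files": digests, "hmac": tag}, f)
    return digests


def verify_bundle(root, key=MANIFEST_KEY):
    """Runtime step: return (ok, findings); findings names modified, added or removed files."""
    try:
        with open(os.path.join(root, "manifest.json")) as f:
            manifest = json.load(f)
    except (OSError, ValueError):
        return False, ["manifest missing or unreadable"]
    expected = manifest.get("files", {})
    body = json.dumps(expected, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    # Authenticate the manifest first, otherwise an attacker just rewrites the hashes.
    if not hmac.compare_digest(tag, str(manifest.get("hmac", ""))):
        return False, ["manifest HMAC mismatch (manifest itself was tampered with)"]
    actual = _file_digests(root)
    findings = []
    for path in sorted(set(expected) | set(actual)):
        if path not in actual:
            findings.append(f"removed: {path}")
        elif path not in expected:
            findings.append(f"added: {path}")
        elif expected[path] != actual[path]:
            findings.append(f"modified: {path}")
    return not findings, findings


def demo():
    """Create a constructed sample bundle, verify it clean, then repackage it and re-verify."""
    root = tempfile.mkdtemp(prefix="bundle_")
    os.makedirs(os.path.join(root, "assets"))
    with open(os.path.join(root, "Info.plist"), "w") as f:
        f.write("<plist><dict><key>CFBundleIdentifier</key>"
                "<string>com.example.app</string></dict></plist>")
    with open(os.path.join(root, "assets", "config.json"), "w") as f:
        f.write('{"api": "https://api.example.invalid"}')
    build_manifest(root)
    clean = verify_bundle(root)
    # Simulated repackaging: a resource is edited and an extra library is dropped in.
    with open(os.path.join(root, "assets", "config.json"), "w") as f:
        f.write('{"api": "https://attacker.example.invalid"}')
    with open(os.path.join(root, "libinjected.so"), "wb") as f:
        f.write(b"\x7fELF")
    tampered = verify_bundle(root)
    return clean, tampered


if __name__ == "__main__":
    print(demo())
```

Running `demo()` returns a clean result `(True, [])` for the untouched bundle and a failing result that names `assets/config.json` as modified and `libinjected.so` as added after repackaging. The check only detects changes to files; it says nothing about code injected into the process after launch, which is why the page pairs it with the anti-instrumentation and anti-hooking protections listed alongside it.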
Appdome protects all mobile data at rest, in transit and in use, including user and app-specific data stored in memory.
- Appdome protects user and app-specific data stored in application memory against injection and other forms of tampering.
- Appdome blocks malware and malware techniques such as method hooking, dynamic instrumentation, script injection, code injection and accessibility abuse from being used to modify or interfere with your mobile app.
- Appdome prevents static and dynamic reverse engineering, and blocks dynamic hacking tools and memory injection from being used to interfere with your app, trick users, or create fake events. Appdome also prevents bad actors and fraudsters from creating fake or modified versions of iOS apps and re-signing and redistributing them.
- Appdome detects and blocks the use of GameGuardian, which is used extensively to cheat in mobile games.
Using Appdome you can encrypt sensitive data stored in iOS property list files (plists, Info.plist) and in plist files related to app signing (e.g., entitlements and provisioning profiles). Appdome also encrypts specific keys, such as GDApplicationIdentifier in Info.plist, to protect mobile SDKs and ad attribution. Appdome’s encryption model generates all encryption keys dynamically at runtime, so the encryption keys themselves are never stored inside the application. For more information on how Appdome encryption works, see this article.
Other Helpful Resources
To provide proof of compliance with cybersecurity and anti-fraud measures, see Appdome’s Certified Secure.
For more information on Appdome’s Mobile Fraud Prevention, see:
https://www.appdome.com/mobile-fraud-prevention/
https://www.appdome.com/mobile-fraud-prevention-series/prevent-mobile-malware/
https://www.appdome.com/mobile-piracy-prevention/
OWASP MASVS Test Plan for Reverse Engineering prevention – typically used by Appdome customers and penetration testers to validate the application’s defenses and test the app’s resilience to malicious reverse engineering.