Despite being built with various shielding techniques, mobile apps are easily cloned or mimicked. As a result, fraud figures have kept growing since the advent of mobile banking and payments, and counterfeit apps infiltrating stores generates serious reputation and trust issues.
On these statements, Pradeo R&D team focused on the issue and came up with a brand-new functionality to tackle it. The new anti-clone/fake app capability is part of Pradeo Security In-App Protection service and complements shielding capabilities.
A bit of background
As their names are often misused, here is some clarification. A clone is an application that has been duplicated through reverse-engineering, tampered and repackaged. A fake app, however, is built from scratch and simply includes some part of the code of the app it’s pretending to be or mimics its interface. Both impersonate legitimate apps while embedding malicious behaviors such as screenloggers, keyloggers, or financial trojans to harvest credentials, sensitive data, or alter transactions and commit fraud.
A well-known example in the banking sector is Anubis, a malware that comes with an extensive hit list targeting 188 banking and finance-related apps, including major institutions. In 2019, 93% of total mobile transactions in 20 countries were blocked as fraudulent, according to a report released by Upstream.
Today’s shielding techniques, necessary but limited
Shielding, sometimes called hardening, is a set of techniques that intend to reduce the chances of reverse-engineering an app. Today, the category encompasses 4 techniques: code obfuscation, debugging detection, emulator detection and root/jailbreak detection. While being dissuading, these techniques don’t make it impossible to reverse-engineer an application, hence falling short when it comes to tackling clones. On the other hand, they are ineffective when it comes to preventing fake apps. As the mobile threat landscape evolves, shielding must extend its scope to fully cover this growing risk.
Pradeo’s shielding: A protection from both clones and fake apps
Starting from the premise that, one day or another, cybercriminals always find a way to impersonate legitimate applications, a new question emerges: How to thwart clones and fake apps?
Backed by its core expertise of application security, Pradeo has developed a unique in-app shielding functionality that neutralizes both clones and outright fake applications’ activities. As it prevents the malicious apps from carrying out their attack and alerts the organization of such attempts, both the company and its clients are assured to proceed with the legitimate application. Therefore, mimicking an application or an interface, even if doable, will become pointless as no data theft or fraud will occur from it and transactions from the clone/fake app will be neutralized.
This unique functionality is straightforward to implement and comes as an add-on to the existing Pradeo Security shielding offer.