Mobile application security: Hardening, Shielding, RASP…

Posted by Luc Pinto-Capelle on May 27, 2019

With the drastically increasing frequency of hacking attempts on mobile applications, on both iOS and Android, and the often devastating consequences they unleash, it is more crucial than ever to use mobile application security solutions. Hardening and shielding refer to a set of technologies designed to protect applications against piracy, exploits, breaches, tampering, as well as reverse-engineering and invasive monitoring, therefore securing intellectual property and ensuring compliance with the current data privacy regulations.

 

hardening-shielding-mobile-security

 

New threats need new remediation strategies

As the market of mobile application security evolved to ward off the latest mobile attack techniques, many approaches to hardening and shielding arose and it can be hard to know what’s the best option for the newcomer in this field. The classic go-to method used by developers to counter attempts to access and manipulate applications’ code is still, in most cases, string encryption and variable renaming, both falling under the category of obfuscation strategies. However, the amplification of cyberattacks’ complexity and virulence progressively demoted the older encryption and obfuscation methods to an inadequate, incomplete status regarding mobile app security, paving ways for new approaches yielding better results such as the Runtime Application Self-Protection technology.

For a company undergoing the process of implementing mobile application security, a first major step is acknowledging that obfuscation and passive defenses are only temporary ways of mitigating external threats, and by no means an efficient, definitive measure. Cyberattacks now boast the ability to compromise the underlying libraries used by an application, creating a new, fast-expanding, and deadly new category of cyberattacks. The obfuscation method (based on encryption or variable renaming) works as a static form of defense against reverse engineering, but is rendered obsolete by these new active, innovative attacks.

 

Realtime protection for complete Mobile Application Security

Even though the existing hardening and shielding techniques are diverse and numerous, two main categories can be defined according to this necessity to assess the healthiness of app content and surroundings in real time. Active, comprehensive solutions will go way beyond their passive counterparts by diversifying their remediation strategies and adding runtime protection capacity to the basic layer of data encryption. For high value applications, such as the one processing financial transactions or embarking monetizable content or proprietary algorithms, it is vital to be able to monitor the integrity of their environment in real time and adapt their behavior to their surroundings.

New solutions, such as Pradeo Security Mobile Application Protection, leverage the Runtime Application Self-Protection technology to feature real-time, multi-layered and interconnected approaches to effectively remediate mobile threats.

 

Related technologies and names:

  • Mobile application hardening
  • Mobile application shielding
  • Runtime Application Self-Protection
  • Mobile RASP
  • RASP Security

 

Topics: Mobile Security, Mobile Application Security