MOBILE APPLICATION PROTECTION

Our deep knowledge of the science of cryptography and security simplifies adoption of security best practices for your developers. This enables them to flex their artistic muscles and focus on form and function, creating beautiful digital experiences without being burdened by security compliance requirements.

Cryptomathic provides tools that:

• Get you to market faster with robust app security that doesn’t sacrifice development speed
• Minimize threat risks with 360° defense mechanisms integrated straight into your code
• Works your way, compatible with all common build tools and development environments
• Adapts to your needs, with customization options depending on your security and performance requirements
• Always update so your app protections stay ahead of attackers
• Come with integration support for add-ons that, for example, detect suspicious activity or  perform device fingerprinting
  
  Multi-layered protection for bank-grade security
  

Cryptomathic MASC is a security software development kit (SDK) for mobile apps on Android and iOS.

Five core components make MASC the leading mobile app defense solution available:

Sentinel security Technology

• Technology embedded in the app that’s always watching, triggered by over 120 different types of attack vectors, such as attempted screenshots, to rooted devices and suspicious activity from possible malware infecting the phone
• Runtime Application Self-Protection (RASP) – powered by these ‘sentinels’ – monitors app and device activity. Irregular or unwanted activity can be responded to quickly and decisively
• Our detectors have been fine-tuned over several code generations and you can control how aggressively they search and what they detect
• The response can be set to soft measures, such as a warning message to the backend system, or extremely aggressive, such as crashing the application to prevent further harm

Application hardening 

• Make apps more difficult to reverse-engineer and guard against tampering, protecting app IP and preventing exploits
• Application hardening mechanisms include:
  • Code hardening
  • White box encryption
  • Data obfuscation and native code obfuscation
  • Protected configuration
  • Anti-debug and Anti-tampering
  • Emulator, root and jailbreak detection

DEVICE AND API ASSURANCE 

• Be confident that the backend system is communicating with a genuine app and vice versa.
• API Protection builds on dynamic cryptographic keys and secrets to protect against reverse engineering and tampering.
• Protect server APIs from unauthorized access, by preventing non-approved third-party apps or aggregators from accessing the APIs.
• Device Assurance improves the assurance level to include device-specific secrets, known as device binding, so no-one else can access data not meant for them.

secure storage

• Prevent separation of data and application
• Prevent migration or copying data to other devices
• Protect and encrypt the cryptographic keys generated and managed 

Secure connectivity

Ensure the app only communicates with the intended system and maintains its own certificate store

Measures for securing connectivity include:

• Access token and cookie protection
• Encrypted transport
• Strong Authentication
• HTTPS tunnelling
• Device health and audit logging

See how Cryptomathic Mobile App Security Core (MASC) works:

hOW WILL DIGITAL IDENTITY WALLETS TRANSFORM CUSTOMER EXPIERENCES? 

Governments worldwide are exploring and launching digital identity wallets, creating powerful and convenient gateways to services from healthcare, to payments, insurance and more. 

These wallets are typically accessed via mobile devices. They enable quick access to certified ID documents, such as driving licenses, permits, health cards or passports, so consumers can quickly provide instant, irrefutable proof of their identity anytime, anywhere. 

Unauthorized access to such sensitive information on mobile devices can not only make customers and businesses vulnerable. It could pose national security risks. 

If a passport stored in a digital wallet is compromised, it affects the ability of border force agents to correctly identify someone crossing the border. Bad actors could illegitimately cross nations or genuine citizens could be denied entry.

As massive volumes of sensitive information flow through our mobile devices, are you prepared and confident to handle the increased risks of a digital-first society?

You must make sure your digital ID and mobile wallet apps can:

• Safely store and transit sensitive private data
• Keep secrets secret – even from the developers working on your apps
• Meet stringent compliance requirements with eIDAS, PCI and other regulations
• Protect against threats such as reverse engineering, Man-In-The-Middle, or in-app attacks

Secure banking apps offering full-service facilities with minimum friction

Mobile apps are the most popular way for many consumers to access banking services, overtaking local branches, phone services and bank websites in recent years.

These mobile apps are required to be freely available on public servers. Unfortunately, this provides a playground for attackers to download and exploit weaker applications in their own time.

Cryptomathic’s Mobile App Security Core (MASC) provides comprehensive data protection and self-defending mechanisms with multiple, mutually reinforcing security layers.

MASC protects and tunnels the communications between the banking app and the server, while providing a library that enables the backend to monitor and respond in real-time to subversive activity occurring on the app and device.

Why banks trust the technical capabilities of MASC to protect their apps:

• Multiple layers of code and data obfuscation to protect secrets
• Runtime application self-defense, including anti-debug, anti-tamper, application integrity and emulator detection
• HTTPS handling with host and certificate whitelisting, controlled by the security team
• Root and jailbreak information relayed to the backend as part of device health reports
• Secure store with optional PIN and biometric protection
• Secret protection to keeps protocol secrets away from the upper app layers
• API protection so the backend can quickly discard requests not coming from genuine app instances
• Languages: Java, Kotlin, Objective-C, React-Native, Swift
• Operating System: Android, iOS