Solution Briefs

Application Protection for Hybrid Solution Brief

Issue link: https://read.uberflip.com/i/1254779

Contents of this Issue

Navigation

Page 0 of 1

Solution Brief Digital.ai | Digital.ai Application Protection for Hybrid Lower costs, faster time-to-market, and more readily available developer resources are just a few of the reasons why organizations develop hybrid applications. Hybrid apps make it possible for developers to build one core application that can be deployed to both Android and iOS devices, streamlining the number of apps that have to interact with users and back office systems. Unfortunately along with the business benefits of hybrid apps are heightened security risks. App attacks all have a common threat vector: reverse engineering — the disassembly of apps back to the original code. It can take only minutes to reverse engineer an app using readily available software tools. Because hybrid apps are written in JavaScript, they are more susceptible to reverse engineering. Hybrid apps also contain native code libraries which, if compromised, can reveal access to back office systems and confidential information such as customer credentials. Once a hybrid app is reverse engineered, it can expose critical algorithms, keys and sensitive data, grant API access, and provide an attacker with all the information they need to tamper with code. This can lead to even more insidious attacks targeting an organization's servers or other infrastructure. Digital.ai Application Protection for Hybrid (formerly Arxan) Hybrid app protection Digital.ai Application Protection for Hybrid protects JavaScript business logic code and the necessary native Android or iOS libraries deployed as part of the hybrid app development process. Hybrid app code is protected through obfuscation, the process of making an attacker's view of app code, its structure and sensitive data extremely difficult to understand. Digital.ai code protection can rapidly harden hybrid applications with patented guarding technology, self-repair capabilities, and tamper resistance using a unique, configurable guard network and threat detection capabilities. Alerting the business to attacks in progress is key to preventing damage, and Digital.ai integrated threat detection can alert organizations if apps are operating on compromised devices, and at the first sign of code compromise — all from the moment an app is published. Once threats are identified, organizations can take short-term action, such as locking account access and disabling app functionality. Longer term corrective action can include enhancing protections with code, and/or data and key encryption to remediate and tailor future protections to specific threats. -[LockScreenViewController confirmPinBtn sub sp, sp, #0x50 ; Objective C stp x20, x19, [sp, #0x30] atp x29, x30, [sp, #0x40] add x29, sp, #0x40 str x1, [sp, #0x40 + var_20] str xzr, [sp, #0x40 + var_28] add x0, sp, #0x18 ; argumant "add mov x1, x2 ; argument "value bl imp___stubs__objc_storeStrong adrp x8, #0x100033000 ; 0x1000332 add x8, x8, #0x2b8 ; 0x1000332b8g adrp x9, x9, #0x5d0 ; 0x1000335d00 ldur x10, [x29, var_18] -[LockScreenViewController confirmPinBtn sub sp, sp, #0x50 ; Objective C stp x20, x19, [sp, #0x30] atp x29, x30, [sp, #0x40] add x29, sp, #0x40 str x1, [sp, #0x40 + var_20] str xzr, [sp, #0x40 + var_28] add x0, sp, #0x18 ; argumant "add mov x1, x2 ; argument "value bl imp___stubs__objc_storeStrong adrp x8, #0x100033000 ; 0x1000332 add x8, x8, #0x2b8 ; 0x1000332b8g adrp x9, x9, #0x5d0 ; 0x1000335d00 ldur x10, [x29, var_18]

Articles in this issue

Links on this page

view archives of Solution Briefs - Application Protection for Hybrid Solution Brief