For mobile enterprises, securing the app environment is as important as securing the app itself. With users willing to bypass security features and jailbreak phones in increasing numbers, enterprises face increased risks. Applications running on jailbroken devices are more vulnerable to attacks and represent an expanding mobile attack surface.
Mobile device management (MDM) and Home-Grown solutions alone are not enough as they can be easily by-passed by sophisticated hackers targeting the application perimeter. Given aggressive mobile app development cycles, enterprises require solutions that empower their “mobile first” business strategy with protection from the most current cyber threats.
Arxan’s new Jailbreak Detection Guard detects if an app is running in a jailbroken environment, and can trigger customiszed reactions to safeguard the critical and high-value attributes of an app on an unsecured device. Furthermore, Jailbreak Detection capability is delivered with “built-in” tamper-resistance.
Arxan’s mobile app security solutions are also deepened by another environment sensing capability, called the Resource Verification Guard. This Guard is inserted into a mobile app to check the integrity of the Android and iOS package resources. It is critical for a mobile client app to maintain its integrity against malware insertion or tampering threats as well as be made “aware” of the status of its environment. For instance, the recently publicizeda “Master key” vulnerability could leading to malicious code injection into genuine Android apps, which can be detected by this new guard type.
Together, the new Jailbreak Detection and Resource Verification Guards are especially important to the financial services industry where innovations in m-commerce, mobile P2P transactions, balance transfers and payments make it critical to protect high risk transactions.
In a recent Gartner research note Avivah Litan and John Girard recommended that enterprises, “Use mobile application security solutions to fortify mobile apps and to prevent them from being corrupted.” and “Use mobile environment security solutions to prevent mobile devices from being corrupted.”