Webinar: Mobile App Management for Consumer Apps

Upload: onegini

Post on 17-Aug-2015

Mobile App Management for Consumer Apps

Onegini makes doing online business easy and secure

Agenda

Introduction

Considerations

Mobile App Lifecycle Management

App Management: Concerns, Requirements, Solutions

Solutions: Footprint, Security controls, Footprint checking, Version management

06-08-15

> 10 Financial Customers

About us

We seamlessly connect end-users to their online personal service using any device.

Onegini brings together personal services, the best user experience and relevant data.

Banks, Insurance, Healthcare, Telecom

App Management considerations

There are almost one million fake apps (Android)

61% of organizations believe the real risk to mobile apps is data leakage

Over 80% of successful attacks target the application layer

Security flaws in application software cause 75% of all breaches

In 2012, the industry saw a 163% growth of malware attacks on apps

A brilliant Tinder hack made hundreds of bros unwittingly flirt with each other

How I hacked India’s biggest startup (a true hacker story)

Mobile App Lifecycle Management

App Management Concerns

1. Create app

2. Deploy app

3. Install app

4. Use app

Roles: App Developer, Administrator, Consumers

How can we make sure our APIs are only used by our app?

How do we force end users to use the latest version?

How can we block usage on non-supported OSs?

App Management Requirements

Only allow access to our own apps

Ensure we know our own app is using the APIs

Use version management

App Management Solutions

App + SDK

Store footprint

Implement algorithm to create footprint of app

Store footprint of app

To prevent reverse-engineering: add security controls

Check footprint before registration

Check version and OS-version

Solutions - Footprint

Unique footprint which identifies the used app version

Different for each app version

Use algorithm to calculate footprint, no hardcoded value

Recalculate footprint each time

Tooling to fetch footprint from compiled binary

Solutions - Security Controls

Protect the footprint algorithm

Code obfuscation or encryption

Debug detection & jailbreak / root detection

Solutions - Footprint checking

Footprint value itself should not be communicated

Validate footprint at registration of new app instances

Validate footprint at upgrade of existing app instances

Use footprint in each request to detect tampering of the app

Create a development mode for easy development

Solutions - Version Control

Create an administration of supported app & OS versions

Validate if app version is supported based on client identifier

Include OS details in the request; validate whether the OS in use is supported

Block traffic for client if version is not supported

Instruct user to upgrade

Generate statistics based on used versions
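
One way the footprint check and version check from the two slides above could fit together on the server, as an added example (not Onegini's SDK or code). It assumes SHA-256 over the binary as the footprint algorithm and an HMAC challenge-response so the footprint itself is never sent; every name and value is hypothetical.

```python
import hashlib
import hmac
import secrets

def footprint_of(binary: bytes) -> bytes:
    # Assumed footprint algorithm: SHA-256 over the compiled app binary.
    return hashlib.sha256(binary).digest()

# Constructed administration of supported builds: footprint stored at deploy time,
# plus the lowest OS major version the build may run on.
SUPPORTED = {
    ("com.example.app", "2.1.0"): {
        "footprint": footprint_of(b"constructed bytes of build 2.1.0"),
        "min_os": (8,),  # major only, so "8" and "8.0" both pass
    },
}
ISSUED = set()  # outstanding single-use challenges

def new_challenge() -> bytes:
    challenge = secrets.token_bytes(32)
    ISSUED.add(challenge)
    return challenge

def client_proof(footprint: bytes, challenge: bytes, body: bytes) -> str:
    # Runs inside the app: the footprint keys an HMAC and is never sent itself.
    return hmac.new(footprint, challenge + body, hashlib.sha256).hexdigest()

def validate_request(app_id, app_version, os_version, challenge, body, proof) -> str:
    if challenge not in ISSUED:
        return "unknown_challenge"      # replayed or never-issued challenge
    ISSUED.discard(challenge)
    entry = SUPPORTED.get((app_id, app_version))
    if entry is None:
        return "upgrade_required"       # block traffic, instruct user to upgrade
    try:
        os_tuple = tuple(int(part) for part in os_version.split("."))
    except ValueError:
        return "os_not_supported"       # malformed OS string is treated as unsupported
    if os_tuple < entry["min_os"]:
        return "os_not_supported"
    expected = client_proof(entry["footprint"], challenge, body)
    if not hmac.compare_digest(expected, proof):
        return "footprint_mismatch"     # tampered or foreign app
    return "ok"
```

Because the client recalculates its footprint for every proof, a repackaged binary produces a different HMAC key and fails the comparison even when it claims a supported version.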

Wrap-up

To securely manage a consumer app:

Recognizing your app is key (footprinting)

A recognized app is a first level of authentication

App security controls are a must to prevent misuse and to make sure the footprint is original

Version management is key

Questions

Contact us

Onegini makes doing online business easy and secure

More info: www.onegini.com

More videos: www.onegini.tv

Email: [email protected]

Twitter: @Onegini

@cpolhout