App Protector is a security technology built on or linked into an application runtime environment. It is capable of controlling application execution, early intrusion detection, and preventing real-time attacks.
The purpose of App Protector is to protect end-users if their device is detected to be compromised from any kind of misuse and to protect application owners from any repercussions of that misuse.
A key feature of App protector is to detect threats on the device where the specific application is installed and alert or neutralize those threats. These threats can be, for example, the jailbroken device or a device running in debug mode.
After these threats are detected, App Protector performs a predefined action for a specific threat (force stop the application or notify end user, for example). The set of actions for each threat is called an App Protector configuration. These actions are done without any human intervention, based on the App Protector configuration built within the application.
App Protector implementation types
offline (SDK configuration hardcoded, no connection to Portal)
online (SDK configuration is configurable through Portal)
Main components
App Protector SDK – software component (SDK) which is implemented in a mobile application with the main feature to detect attacks on mobile applications.
Risk Event Collector Server – backend component which collects data from App Protector Portal. Used only with online implementation type.
App Protector Web Portal – administration component that allows creating new, updating, or deleting existing applications and configurations. Portal also displays statistics about detected attacks. Used only with online implementation type.
App Protector Portal Server – receives all the data (identifiers, applications, and configurations) and saves it in the database. Used only with online implementation type.
Key benefits
Detection and prevention. App Protector offers the possibility to detect threats and react on security events in application runtime.
Modifying configurations. App Protector Portal enables modifications on App Protector configurations which are done immediately (on the fly) propagated to the application; when online implementation is selected.
Collecting security events. All the information that App Protector Portal SDK detects can be forwarded to a 3rd party system (anti-fraud system, for example) which can then use this information as an additional source of information to, for example, clear a financial transaction.
Security events visibility. Reporting on security events is very important, and with App Protector Web Portal, reports are easily accessible and customizable.
BYOD (bring your own device). Protecting applications with App Protector can make BYOD less of a security challengefor an IT department.
Enabling regulatory compliance. Several regulations, such as PSD2, have set requirements to introduce security mechanisms within applications that mitigate the risk of running applications on tampered/compromised devices. App Protector is one of the security mechanisms that support organizations to comply with this kind of requirement.
Application integration and stability. App Protector implementation is smooth and easy, assuring that there is: no downtime, no risk of breaking an app, no source code changes, no false positives, no routine tuning, no unacceptable performance overhead. It can be integrated into old, proprietary applications or new ones.
Contact us
For more information about App Protector and its implementation, contact us at: sales@asseco-see.hr
