Agenda
Introduction
Considerations
Mobile App Lifecycle Management
App Management: Concerns, Requirements, Solutions
Solutions: Footprint, Security controls, Footprint checking, Version management
06-08-15
> 10 Financial Customers
About us
We seamlessly connect end-users to their online personal service using any device.
Onegini brings together personal services, the best user experience and relevant data.
Banks, Insurance, Healthcare, Telecom
App Management considerations
There are almost one million fake apps (Android)
61% of organizations believe the real risk to mobile apps is data leakage
Over 80% of successful attacks target the application layer
Security flaws in application software cause 75% of all breaches
In 2012, the industry saw a 163% growth of malware attacks on apps
A brilliant Tinder hack made hundreds of bros unwittingly flirt with each other
How I hacked India's biggest startup (a true hacker story)
App Management Concerns
[Diagram: app lifecycle - 1. Create app (App Developer), 2. Deploy app (Administrator), 3. Install app, 4. Use app (Consumers); multiple App instances in use]
How can we make sure our APIs are only used by our app?
How do we force end users to use the latest version?
How can we block usage on non-supported OS's?
App Management Requirements
Only allow access to our own apps
Ensure we know our own app is using the APIs
Use version management
App Management Solutions
[Diagram: same lifecycle - 1. Create app (App Developer), 2. Deploy app (Administrator), 3. Install app, 4. Use app (Consumers); each App instance now embeds the SDK (AppSDK)]
Store footprint:
Implement algorithm to create footprint of app
Store footprint of app
To prevent reverse-engineering: add security controls
Check footprint before registration
Check version and OS-version
Solutions - Footprint
Unique footprint which identifies the app version in use
Different for each app version
Use algorithm to calculate footprint, no hardcoded value
Recalculate footprint each time
Tooling to fetch footprint from compiled binary
Solutions - Security Controls
Protect the footprint algorithm
Code obfuscation or encrypting
Debug detection & jailbreak / root detection
Solutions - Footprint checking
Footprint value itself should not be communicated
Validate footprint at registration of new app instances
Validate footprint at upgrade of existing app instances
Use footprint in each request to detect tampering of the app
Create a development mode for easy development
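The two footprint slides above (Solutions - Footprint and Solutions - Footprint checking) describe a value derived from the compiled app that the backend verifies without the value itself being sent. The following is an added example, not code from the slides or from Onegini's SDK; it assumes a SHA-256 footprint over the binary bytes plus version string, a backend registry filled by build tooling, and a challenge-response check (client returns HMAC(footprint, server nonce)) so the footprint never travels over the wire and captured proofs cannot be replayed. The binaries are constructed byte strings.

```python
import hashlib
import hmac
import os

# Constructed stand-ins for two compiled app versions. Real build tooling would
# read the code section of the shipped artifact instead (assumption).
FAKE_BINARY_V1 = b"\x7fELF-like-bytes-of-app-v1.0.0" + bytes(range(64))
FAKE_BINARY_V2 = b"\x7fELF-like-bytes-of-app-v1.1.0" + bytes(range(64))


def compute_footprint(binary: bytes, app_version: str) -> bytes:
    """Derive the footprint from the binary contents and the version string.

    No hardcoded value: the result changes whenever the compiled bytes or the
    version change, so a repackaged or patched app produces a different footprint.
    """
    h = hashlib.sha256()
    h.update(app_version.encode())
    h.update(b"\x00")
    h.update(binary)
    return h.digest()


class FootprintRegistry:
    """Backend-side administration of expected footprints per app version (assumed design)."""

    def __init__(self, dev_mode: bool = False):
        self.expected = {}          # app_version -> footprint bytes
        self.dev_mode = dev_mode    # development mode: accept unregistered builds

    def store(self, app_version: str, footprint: bytes) -> None:
        self.expected[app_version] = footprint

    def new_challenge(self) -> bytes:
        # Fresh random nonce per registration / upgrade / request.
        return os.urandom(16)

    def verify(self, app_version: str, challenge: bytes, proof: bytes) -> bool:
        """Check the client's proof; the footprint itself is never transmitted."""
        expected = self.expected.get(app_version)
        if expected is None:
            return self.dev_mode
        want = hmac.new(expected, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(want, proof)


def client_proof(binary: bytes, app_version: str, challenge: bytes) -> bytes:
    """What the in-app SDK would do: recalculate the footprint, then HMAC the challenge."""
    fp = compute_footprint(binary, app_version)
    return hmac.new(fp, challenge, hashlib.sha256).digest()


def demo():
    registry = FootprintRegistry()
    # Build tooling registers the footprint of each released version.
    registry.store("1.0.0", compute_footprint(FAKE_BINARY_V1, "1.0.0"))
    registry.store("1.1.0", compute_footprint(FAKE_BINARY_V2, "1.1.0"))

    c = registry.new_challenge()
    genuine = registry.verify("1.0.0", c, client_proof(FAKE_BINARY_V1, "1.0.0", c))

    # Tampered binary: one byte differs (constructed), so the footprint differs.
    tampered = bytearray(FAKE_BINARY_V1)
    tampered[-1] ^= 0xFF
    forged = registry.verify("1.0.0", c, client_proof(bytes(tampered), "1.0.0", c))

    # Replay: a proof captured for one challenge fails against a fresh challenge.
    old_proof = client_proof(FAKE_BINARY_V1, "1.0.0", c)
    replay = registry.verify("1.0.0", registry.new_challenge(), old_proof)
    return genuine, forged, replay


if __name__ == "__main__":
    print(demo())  # (True, False, False)
```

The same `verify` call serves registration of a new app instance, upgrade of an existing one (the client presents the new version and a proof from the new binary) and per-request tamper detection; only the challenge differs each time. Development mode is a registry flag, not a bypass in the client, so it cannot be switched on from a tampered app.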
Solutions - Version Control
Create an administration of supported app & OS versions
Validate if app version is supported based on client identifier
Include OS details in the request and validate whether the OS in use is supported
Block traffic for client if version is not supported
Instruct user to upgrade
Generate statistics based on used versions
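The version-control steps above (administration of supported app and OS versions, validation per client identifier, blocking with an upgrade instruction, and statistics) can be carried by one small backend policy object. This is an added example, not the slides' or Onegini's code; the client identifiers, version numbers and request records are constructed, and the dotted-version comparison is an assumption about the version format.

```python
from collections import Counter
from dataclasses import dataclass, field


def parse_version(v: str) -> tuple:
    """'2.3.0' -> (2, 3, 0) so versions compare numerically, not as strings."""
    return tuple(int(p) for p in v.split("."))


@dataclass
class VersionPolicy:
    """Administration of supported app and OS versions (assumed structure)."""
    min_app_version: dict                  # client identifier -> minimum supported app version
    min_os_version: dict                   # OS name -> minimum supported OS version
    stats: Counter = field(default_factory=Counter)

    def validate(self, client_id: str, app_version: str, os_name: str, os_version: str) -> dict:
        """Decide whether traffic from this client/app/OS combination is allowed."""
        # Every request counts towards the usage statistics, allowed or not.
        self.stats[(client_id, app_version, os_name, os_version)] += 1

        min_app = self.min_app_version.get(client_id)
        if min_app is None:
            return {"allowed": False, "reason": "unknown client identifier"}
        if parse_version(app_version) < parse_version(min_app):
            return {"allowed": False,
                    "reason": "app version not supported",
                    "action": f"upgrade to {min_app} or newer"}

        min_os = self.min_os_version.get(os_name)
        if min_os is None or parse_version(os_version) < parse_version(min_os):
            return {"allowed": False, "reason": "OS not supported"}
        return {"allowed": True}

    def version_report(self) -> dict:
        """Requests per (client, app version): input for deciding when to retire a version."""
        report = Counter()
        for (client_id, app_version, _os, _osv), n in self.stats.items():
            report[(client_id, app_version)] += n
        return dict(report)


def demo():
    policy = VersionPolicy(
        min_app_version={"bank-app-ios": "2.3.0", "bank-app-android": "2.2.0"},
        min_os_version={"iOS": "9.0", "Android": "5.0"},
    )
    # Constructed sample requests: (client identifier, app version, OS, OS version).
    requests = [
        ("bank-app-ios", "2.4.1", "iOS", "10.2"),       # supported
        ("bank-app-ios", "2.1.0", "iOS", "10.2"),       # old app version
        ("bank-app-android", "2.2.0", "Android", "4.4"),  # old OS version
        ("unknown-client", "1.0.0", "iOS", "10.2"),     # not our app
        ("bank-app-ios", "2.4.1", "iOS", "10.2"),       # supported again
    ]
    results = [policy.validate(*r) for r in requests]
    return results, policy.version_report()


if __name__ == "__main__":
    for r in demo()[0]:
        print(r)
    print(demo()[1])
```

The `action` field is what the app's SDK would surface to the end user as the upgrade instruction; the blocked request never reaches the business API.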
Wrap-up
To securely manage a consumer app:
Recognizing your app is key (footprinting)
A recognized app is a first level of authentication
App security controls are a must to prevent misuse and to ensure the footprint is genuine
Version management is key
Contact us
Onegini makes doing online business easy and secure
More info: www.onegini.com
More videos: www.onegini.tv
Email:
Twitter: @Onegini, @cpolhout