This post is from the Arxan blog and has not been updated since the original publish date.
Application Attacks Create Business Risks
The Need for Application Protection
Mobile apps are targets because they serve as entry points to access corporate intellectual property (IP), customer data including personally identifiable information (PII) and backend infrastructure and application programming interfaces (APIs).
Attacks on the mobile app ecosystem threaten more than just loss of end-user data and privacy. Application attacks can result in brand damage, financial loss, intellectual property theft and governmental penalties.
An attack can occur whenever an organization’s mobile app is accessible “in the wild” — apps available via public app stores.
Bad actors exploit weak app protection by reverse engineering an app, tampering with its code and understanding the keys to sensitive in-app and back-end data, services and networks. Using this exposed information, they can exfiltrate data or inject malicious code and then release the compromised app back in the wild.
Comprehensive application protection secures apps from the inside out by protecting source and binary code. This level of protection includes a broad range of capabilities such as code hardening, obfuscation and key & data encryption. Additionally, application protection should include threat analytics to understand current attacks and future threats.