Staying Ahead of the Threat: Digital.ai’s Guiding Principles for App Hardening

Since 2020—and for two decades before that at Arxan—Digital.ai’s Application Security product teams have focused on building application hardening products so that our customers can deliver apps to the marketplace with confidence. That cat-and-mouse game between our development teams and threat actors continues to push us to research, discover, develop, and ship new techniques and mechanisms to stay a step ahead of those who want to disrupt our customers’ business.

For many years, we’ve been using the following set of guiding principles to help us determine what is most important to deliver next.

Support Latest Host/Target Platforms and Build Tools​

Our customers cover the gamut of industries and span a broad range of end users that they serve. For many of them, having support for the latest version of Xcode and iOS the day they drop or within a few days is a strategically important business stance that they take. We’ve heard that message from enough customers in enough settings that we prioritize working with those beta versions leading up to those big GA days. That’s also why we’ve been announcing such support to our customers for years and more recently to the broader market like the recent iOS 26 announcement.

Not only do we target the latest and greatest, but we maintain a long tail of support for older versions. That way our customers can usually decide what versions they want to support for their reasons and not settle for a severely limited range imposed on them by their vendor.

Support Detection of Latest Attack Tools​

While keeping up with Apple, Google, and Microsoft takes effort, keeping up with the growing community of attack tool developers is more than a full-time job. New versions of jailbreaks, roots, and dynamic instrumentation frameworks and their hide modes keep getting released at a furious pace. A long time ago, I used to show a Wikipedia picture of the known jailbreak development community—all sitting on one couch. Collecting all the contributors to such projects today would probably require a decent-sized conference venue.

Detection of such tools sometimes generates a disproportionate amount of concern since a jailbreak or root does not automatically constitute an exploit. Jailbreaks and roots create a situation that is akin to every desktop/laptop—the running apps have broad access to system resources but most of them just perform their normal tasks and don’t poke around maliciously. And even if an app does make bad use of those resources, it doesn’t mean every other app is being targeted.

That is why other detection mechanisms are always needed to determine when potentially hostile actions get paired with known hostile actions. That’s the difference between seeing a jailbreak alone or seeing a jailbreak followed by a code change and checksum tamper detection. But since a jailbreak or root is often the first step in an exploit chain, we spend considerable effort researching new versions of such tools and keep adding new ways to detect them on devices. And while day-one support against attack tools is usually not possible, we prioritize our detections of the most important updates and get them in the hands of our customers as soon as we can.

Add New and Update Current Security Mechanisms​

We are always thinking about new mechanisms and new algorithms for existing mechanisms to make our protection products stronger. We regularly create new guards to check new conditions and to put up new roadblocks to make the work of threat actors harder. While doing this, we pay attention to performance considerations and ease of use but always want to keep adding tools to the Security Engineer’s toolbox.

Improve Our Product Ease of Use​

Ease of use has been a major priority for us in the past several years. Back in the Arxan days, we would regularly tell customers that our products were “expert tools”. They were powerful and very flexible, but they required significant expertise to use them to their full potential.

Given customers who don’t have dedicated Security Teams or maybe even Security Engineers, we have wanted to bring all that protection power to the masses. We have spent and continue to spend time and effort on just making protections work so that more companies can protect more applications and raise the general security level of our digital interactions. Techniques like incremental checksums or automatic symbol renaming help our customers do more with less. AI-powered products are opening new ways to break past conceptual limits and are showing themselves to be force multipliers for companies as they apply protections to more applications.

Provide Greater Insights Into Current Threats​

On top of those other items, we also prioritize giving feedback to our customers. Once, many companies simply put their apps on the app stores and hoped for the best. Many still do. When asked if their apps were under attack, companies sometimes assumed they were, but many were unsure. We ensure that our detection mechanisms can provide data about what they find, and when and where they find it. That data helps inform future protection, so we work to package it, display it, and explain it in ways that help our customers make the best use of the monitoring that we do all day every day.

Ask Customers About Specific Needs​

Beyond those product features, we prioritize talking to practitioners and analysts to understand emerging needs so that we can be ready with solutions to tomorrow’s problems.

We spend all our effort creating the best protection products we can so that you can confidently deliver your applications to the marketplace while reducing the risk of reverse engineering, tampering, and theft which helps us all have a safer digital experience.