Be the first to like this
Driven by exponential growth in the consumer market, new mobile devices (smartphones and tablets) are now entering the world of governments and companies. They open up opportunities to develop new applications on very large targets for citizens, customers, and already the first connected objects.
The advent of this new equipment is largely due to the success of application stores (Apps Store, Google Play, Windows Store ...) and very large scale deployments of of micro-applications.
These Apps fully exploit the interactive capabilities of the mobile devices. They enable new way to use smartphones and tablets. Most importantly, they are free, simple to use and efficient.
For administrations and corporations, if these developments are a source of opportunity, they generate, at the same time, new needs in terms of security and confidence because the mobility services expose organizations, their employees, partners and customers to new threats.
The origin of these threats lies in several points:
1. The nature of the new terminals, more open and communicative, are used for business purposes but also private
2. App stores are more or less secure,
3. Apps are easy to copy, clone or divert for hackers,
4. Consumers are not inhibited by the risk of downloading malicious apps,
5. Conventional antivirus solutions are inadequate with the reactivity of hackers, their exponential production of clones and other malware.
6. Users do not control personal or professional data handled by Apps: Phone numbers, SMS, agenda, payment and card details, health data, professional and personal files, pictures, recordings, etc.
The threat increases when apps establish connections and perform actions on the mobile device, often without control regarding the compliance of the security policy of corporate information systems with which the device interconnects.
The "Apps + Store" model induces new constraints on the IS and extends the scope and the security issues.
In the field of mobile security, Pradeo has designed and developed a behavioral analysis engine for mobile application, called "Trust Revealing".
For a given application, the engine reveals exhaustively actions performed by the application:
1. What connections the devices establishes,
2. What data the manipulates: user data (SMS, pictures, calendars, contacts, files, etc..), device data, application data,
3. What operations it performs: Sending data to a remote server, sending automatic SMS payment over unsecured connections, etc…
Thanks to Trust Revealing technology Pradeo offers to its customers a securing apps promise and a protection against attacks by cybercriminals made through
mobile applications available on public stores.