android app security solution

19
Dedicate to Mobile APP Security By Jayson Li 2014 - 11 - 25 www.secneo.com Sales Contact: [email protected] or [email protected]

Upload: jay-li

Post on 18-Jul-2015

232 views

Category:

Technology


5 download

TRANSCRIPT

Page 1: Android App Security Solution

Dedicate to Mobile APP Security By Jayson Li 2014-11-25 www.secneo.com

Sales Contact: [email protected] or [email protected]

Page 2: Android App Security Solution

About BANGCLE

By Oct. 2014:

240,000 Android Apps30,000 Mobile Developers300,000,000 Smartphones

2010-5 series A round from IDG

2014-5 series C round from SIG

Certified Mobile Firewall Product Vendor in China

IEEE ICSG member

Member of ANVA

Certified Android App Security Vendor in China

2013-4 series B round from IDG、Redpoint

Page 3: Android App Security Solution

【Running Env. Security】

VMware

【Device Security】

Symantec,

MacAfee, Kaspersky

【App Security】

BANGCLE

Page 4: Android App Security Solution

App

Change paid

to free App Malicious

payment

creation

Virus injection

Remove/bypass security setting

App Repack

Illegal App

localization

Remove Ads

Plugin illegal

Ads

Page 5: Android App Security Solution

Evaluation AppShield App Release App Monitor App Management Statistic/BI

Before releasing security evaluation and shielding

APP Distribution Management

Programming Security

Source Code

Protection

Fishing App Monitoring

App Management•Data collection•Environment monitor

•Security EarlyWarning

•MessagePushing

Penetration Report

Code Auditing Report

App Distribution

Report

Competitor Report

Piracy Monitoring

App Monitor/Early warning

Assist toupload to download

sites

Pirated/fishing App Removing

Data Security

Environment Security

Business Security

Storage Protection

Data Protection

Protocol Protection

Environment Monitoring

Page 6: Android App Security Solution

Source Code Audit (White-box)

App Penetration Service

(Black-Box)

Page 7: Android App Security Solution

Symmetric Encryption

White-box cryptography + AES technology

USA federal government standard

IBM, Arxan, InterTrust etc

Page 8: Android App Security Solution

Hack TechnologyCurrent Solution onAndroid Platform

Bangcle Defend Best Practices on Android

Reverse Engineering Code obfuscation Code EncryptionAnti Reverse Engineering

App Integrity CheckAnti tampering

Debugging N/A Anti-DebuggingLow level trap detectionMemory monitoring and detection

Self ProtectionReactivate when App is compromised

Illegal Data Copy Encrypt key can be easy found by disassemble Apk

Transparent Strong EncryptionCombined with code encryptionEncrypt key secured by white-box technology

Bind IMEI with Encrypt keyPrevent data file being copied out

Page 9: Android App Security Solution
Page 10: Android App Security Solution

Mobile App Game Developers

Mobile Banking App Developers

Black-Box

Cloud USA

5 – 10 Minutes

No code change needed

Upload App

Cloud Shielding (5-10 minutes)

Download App

Sign Apps -> Test -> Release

Page 11: Android App Security Solution

Competitors

V0.5 Code Obfuscation

VS.JAVA Class

Loader

VS.JAVA VM

VS.CPU VIM

SO Protection

Local Data Protection

Unity Script Protection

VS.

BANGCLE

Page 12: Android App Security Solution

Crawlers

Data Analysis

Data Storage

App Similarity Analysis Engine

Report Generator

APK

310 Download

site

Information

App Distribution Monitor Report

Web

Page 13: Android App Security Solution

Secured Soft KeyboardSDK

Anti-Game CheatsSDK

Page 14: Android App Security Solution
Page 15: Android App Security Solution
Page 16: Android App Security Solution

Question 1 : What are AppShield impact to App performance and compatibility?

Answer:

Result from over 30,000 App and 150 different smartphones in China, USA, EU, Japan,

Korea, HK, TW

Apk size increased 800k - 2000k depend on App and security levels

CPU usage increase 2% ~ 8%

Memory usage increase 4% ~ 10%

APP start up time increase 0.1s ~ 0.9s

No compatibility issue for majority brand cellphones

Support ARM, x86

Page 17: Android App Security Solution

Question 2 : How long it will take us to shield an App?

Answer:

Within 15 minutes. However, normal processing time is less than 10 minutes include virus scan service

Question 3 : Can you secure Apk SO, log, audio and other resource files ?

Answer: Yes. We can manually encrypt them

Question 4: How can we try it?

Answer:

Yes. You can try a non commercial version Appshield in www.secneo.com or send your

request to [email protected] for a banking grade security product and service.

Page 18: Android App Security Solution

You spend millions on App security but still got hacked

Your App has many users but few paying

You spend more money on security issue than paying third party professionals

Your developers spend more time on security than writing codes

Your QA spending over 15% testing time on App security

You have to give up a million-dollars game design because of game security control

problem

When you choose game engines, security is the top concern

Your developers think they can defeat Hackers

Page 19: Android App Security Solution

www.secneo.com

THANK YOU

Sales Contact: [email protected] or [email protected]