Protecting the World’s Leading Mobile Apps
Roel Caers, Guardsquare CEO, discusses the evolution of the mobile application protection landscape and what customers need today to protect their apps from cyber threats.
Guardsquare: The 20-Second Download
Founded in 2014, Guardsquare is the mobile application protection company with customers in more than 80 countries across the globe. Roel Caers, CEO, joined the company more than five years ago. “We have more than four billion downloaded apps that are protected by our software across all different industries – think of finance, technology, telco, media, healthcare, e-commerce, gaming – all industries where companies with sensitive data or IP within their apps rely on our software to protect them,” he said.
The Evolution of the Landscape & Emerging Threats
“There are more and better tools available for hackers or people who want to do malicious things, while too many apps on ‘the other side’ are still without any defense,” said Caers.
“So, if you don't protect your apps and you know that all these tools are available on the Internet and can be easily used, the question is not will, but when your application will be hacked.”
Guardsquare has seen a number of key themes develop over the past year, including:
- The Return of Jailbreaking on iOS Devices: Though Android is still widely perceived as the most vulnerable environment, new jailbreaking possibilities have emerged on the iOS side thanks to publicly available tools and information that are easily accessible by hackers.
- DIY Defense Tools No Longer Cut It: In the past, Android developers were able to apply DIY protection against reverse engineering and tampering of their apps. This approach is no longer possible as the threat landscape and sophistication of attackers has evolved - specialized tools are now essential for defending apps.
- Mobile Games Increasingly Vulnerable: Mobile games are shifting away from desktop platforms in favor of mobile platforms – and are increasingly under attack, in part because the security of the mobile gaming platforms was not previously a priority.
Gaps in the Stack: Where Customers Need Help
Caers believes awareness is still an important topic for customers. “For me, awareness is still the most important part – protect before something happens instead of afterwards.” Conversely, Caers said, awareness can be rendered totally ineffective if customers don’t follow up with an appropriate solution, such as sufficient security, high-quality code and app integrity.
“A little bit of security is just the same as no security. If you apply security, you need to raise the bar high enough – otherwise it’s just time and money spent, but without any effectiveness.”
Key End Markets
The need for cybersecurity is universal and not confined to a specific geography – and threats no longer emanate from just a few corners of the world. “Hackers operate globally,” said Caers.
As for top markets for Guardsquare, the financial space remains very important. Hackers have long targeted the financial markets and its rich stores of highly sensitive data, and it remains a growing area in the mobile application security industry. Other key end markets for Guardsquare and its broader industry include eCommerce, healthcare, telcos, and streaming services.
The Proliferation of “Fake” Mobile Apps
COVID-19 accelerated trends in motion since the second half of 2018, said Caers, which was the first time mobile transactions exceeded those completed on desktop. Development teams were under pressure to innovate, enhance functionality and deliver the best possible user experience – sometimes at the expense of a much-needed focus on appropriate security. The result? Increased security flaws and leaks, as well as a growing number of “fake” apps. Apps that house money or sensitive data will draw threats.
“It happens to the best… 15 out of 20 of the world’s most famous brands have already been the victim of a mobile application attack or reverse engineering or fraud.”
Speaking of the predominance and ease of creating fake apps, Caers said, “More fake apps are available online than ever before, [with] stolen credentials and personal data being leaked. In certain industries, for example in-app advertisement, a huge increase in fraudulent transactions came up because of the apps not being protected.”
What’s Next for Guardsquare?
Caers is optimistic about the mobile application protection industry’s growth potential and feels Guardsquare has an opportunity and duty to make its tools easy to use. To Caers, this is all the more important as the developer community expands and, in turn, becomes less specialised and less versed in security considerations. “Nowadays, more and more people are there in mobile development, [with] less and less security knowledge, less and less specialised.”
The company also wants to “shift left” in the development process to empower developers to spot and address security concerns before releasing a product. “We want to help the developers of …these mobile applications to test the quality and level of security of their applications, before they are uploaded,” said Caers. “Once [applications] are protected, we assist developers in monitoring the usage of their apps in real time. We give our customers the opportunity to automatically intervene when the integrity of the application, transaction, or data is at risk.”
Questions? Connect with the Baird team at RWBcybercoverage@rwbaird.com