Attacks that systemically compromise the underlying libraries an app relies on are the
fastest-growing class of attacks – and presently the most dangerous.
This makes it imperative that high value apps are able to verify the pristine nature of their entire
execution environment before unlocking sensitive functionality.
Obfuscation solutions that focus solely on variable renaming or string encryption can deter static
reverse engineering but are not able to protect against the full spectrum of high-intensity attempts to
compromise the app.
#3: Agility and Portability
The portable device ecosystem, spanning smartphones, tablets and wearable devices, is
among the fastest growing and fastest evolving. In stark contrast to the PC ecosystem, which is
dominated by only a few chipset and operating system combinations, the portable ecosystem is a
combinatorial nightmare of chipsets, OSs, programming technologies and hardware functionality.
Because it is likely that mobile platforms will continue to evolve at their current breakneck and
unpredictable pace, choosing a solid security partner with a history of innovation, one that can keep
pace with evolving ecosystems, is crucial. Additionally, selecting a security tool that is designed for
cross-platform portability and extensibility will go a long way in helping you adapt to new platforms
that become available.
#4: Overhead and Performance Impact
Memory footprint, power consumption and performance are important considerations in portable
devices, where resources are limited and battery life is precious.
All security technology will impose an additional memory footprint in storage and at run-time. It will
also impose process overhead in terms of programming effort, compilation complexity and run-time
execution characteristics.
That said, more sophisticated application hardening solutions can offer a stronger trade-off between
performance impact and protection strength relative to free- or low-cost solutions.
For example, brute-force simple obfuscation can quickly cause memory bloat and diminish
execution speed, and basic checksumming can adversely impact run-time performance while
still leaving single points of protection failure.
When apps are deployed to millions or billions of users, and/or where transaction volumes are
expected to be high, it is crucial that the security solution chosen be as robust and reliable as your
own app code.
25 Cyber Warnings E-Magazine – October 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide