CIO Review >> Magazine >> March - 2015 issue

Appknox: Discovering and Fixing Security Loopholes in Enterprise Mobile Apps

According to a report by Gartner, more than 75 percent of mobile applications will fail basic security tests. The report says that in 2015, the majority of mobile applications - whether in the Android, iOS or Windows Phone ecosystems - will not have basic business-acceptable security protocols in place. While there are numerous reasons behind mobile applications failing to achieve even the basic level of security, the research shows that 75 percent of mobile security breaches through 2017 will be caused by mobile application misconfigurations, rather than by technical attacks on mobile devices. IT departments are hence looking beyond the basic, simple security applications and there is an increased demand for specialized services.
“By delving deeper into this problem one can realize that the challenge is not really the technicality involved, but the attitude which needs to be changed. Most organizations follow a reactive attitude towards security issues. The real challenge is to change this attitude to a more proactive one,” says Subho Halder, Co-Founder & CTO at Appknox, a Singapore-based mobile app security company. The company helps developers and businesses make their mobile applications more secure by detecting vulnerabilities in their apps and suggesting ways to fix them, without accessing the source code, which is a prized possession for any company.
Appknox has simplified the whole process of security testing and vulnerability detection. The company helps developers and enterprises discover security loopholes and fix them in a matter of minutes. When the customer uploads the app to the cloud-based platform or gives Appknox the link to their app on the Google Play Store, a preliminary set of scans is run. These scans take less than 10 minutes and give an overview of the security loopholes detected. In less than 48 hours, the customer gets a detailed report which explains every vulnerability from a business as well as a technical point of view. The final report contains tips to remediate the errors found. It also gives numerous examples of similar cases, along with code examples, to help the development team understand the problem.

Behavioural scanning
What gives Appknox an edge is that it finds security vulnerabilities through static, dynamic and behavioural analysis of the mobile application, without needing the source code. This is one of its biggest advantages, as scans can be done from anywhere in the world without having to worry about loss of source code. The company distinguishes itself from others by offering behavioural scanning, which helps it understand how the app interacts with different processes as well as other apps. It identifies the behaviour of the app by monitoring the network traffic, changes in the file system and how the app interacts with other processes and apps. This, from a business and consumer point of view, is a very important and critical data point. Since everything is automated, the complete process takes less than 48 hours, and the preliminary results are seen within just 10 minutes, which gives a good understanding of where the app stands as far as security vulnerabilities are concerned.
To help customers keep track of scan history and vulnerabilities and to suggest fixes, Appknox provides them with a detailed dashboard. As soon as a scan runs, the customer gets a graphical display of where the app stands, using a security rating. In less than 10 minutes the dashboard shows a glimpse of all the vulnerabilities in the app and classifies them into different levels according to threat: High level, Medium level and Low level threats. The dashboard also allows them to download the report and share it within the team in less than 48 hours.
Backed by JFDI Asia - Asia’s #1 startup incubator, Microsoft Ventures in India and by people like Rajan Anandan, Google India’s MD, Appknox’s young team has experience in both security and startups. Over the last few years, the company has found security issues in Facebook, Google, Microsoft, Adobe and many more. Appknox is currently available for Android and iOS apps, and in the coming months the company plans to add Windows and BlackBerry platforms to its suite as well. “We are working closely with enterprise firms to better understand their problems. Soon, there will be customized enterprise specific solutions that we will provide depending on sectors, functionalities, etc. Our vision is clear – we want to enable growth of the mobile ecosystem by ensuring security so that both consumers and brands can be at peace,” shares Subho.