Intelligent CIO APAC Issue 40 | Page 43

FEATURE: CLOUD SECURITY
Prevent your app from running on jailbroken and rooted devices, including advanced rooting tools like Magisk, ensure that your digital wallet data is encrypted at rest, use advanced white box cryptography, as well as threat-aware encryption keys to encrypt app sandbox, files, strings, resources, preferences and native libraries.
4. Weak encryption
Looking at the top five attacks on investment apps, several apps were found to be using an unencrypted SQLite database in their Android app, making them vulnerable. Unencrypted data in the application sandbox or on the SD card, in preference areas like NSUserDefaults, or on the clipboard is a commonly targeted channel. Given this, data-at-rest encryption is recommended to protect data inside these areas. Hackers also target transactions, passwords and passphrases, and enforcing SSL/TLS for communications, including a minimum TLS version and cipher suites, is a good protective measure.
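An added example, not from the original article: one way to check a copy of your own app's data directory, taken from a test device or emulator, for the unencrypted stores described above. The directory layout, file names and the `audit_sandbox` helper are assumptions, and the sample sandbox is constructed inline.

```python
import os
import sqlite3
import tempfile

SQLITE_MAGIC = b"SQLite format 3\x00"  # first 16 bytes of every plaintext SQLite file

def classify(path):
    """Return 'plaintext-sqlite', 'plaintext-xml' or 'opaque' for one file."""
    with open(path, "rb") as fh:
        head = fh.read(64)
    if head.startswith(SQLITE_MAGIC):
        return "plaintext-sqlite"
    if head.lstrip().startswith(b"<?xml"):
        return "plaintext-xml"   # e.g. Android shared_prefs stored as readable XML
    return "opaque"

def audit_sandbox(root):
    """Walk a copy of an app's data directory; return {relative path: finding}."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            kind = classify(full)
            if kind != "opaque":
                findings[os.path.relpath(full, root)] = kind
    return findings

def build_sample(root):
    """Constructed sandbox: a plaintext DB, a plaintext prefs file, a random blob."""
    os.makedirs(os.path.join(root, "databases"))
    os.makedirs(os.path.join(root, "shared_prefs"))
    db = sqlite3.connect(os.path.join(root, "databases", "wallet.db"))
    db.execute("CREATE TABLE holdings (asset TEXT, amount REAL)")
    db.execute("INSERT INTO holdings VALUES ('BTC', 0.5)")
    db.commit()
    db.close()
    with open(os.path.join(root, "shared_prefs", "session.xml"), "w") as fh:
        fh.write("<?xml version='1.0'?><map><string name='token'>constructed</string></map>")
    with open(os.path.join(root, "databases", "vault.db"), "wb") as fh:
        fh.write(os.urandom(4096))  # stands in for an encrypted database file

def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        return audit_sandbox(root)

if __name__ == "__main__":
    for path, kind in sorted(demo().items()):
        print(f"{kind:18} {path}")
```

A file that lacks the plaintext header is not proven to be encrypted; the check only flags stores that are certainly readable as-is.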
5. Dynamic runtime attacks and dynamic instrumentation
Modified versions of investment apps, used with emulators and simulators or on-device malware, can be used by hackers to create fake accounts, activate malicious trades and transfer cryptocurrency from one investment app to another. In Singapore, businesses have been targeted by ransomware threats in recent years, with the number of cases growing by 54% between 2020 and 2021.
To safeguard against these challenges, implementing runtime application self-protection (RASP) methods is recommended. In particular, deploying anti-tampering, anti-debugging and emulator-detecting solutions is advised. Implementing options to protect against the malicious use of ADB (for method hooking or other appharming risks), as well as protection against dynamic instrumentation frameworks and toolkits like FRIDA, should also be considered.
Do not sleep on security
Cyber-criminals never sleep when it comes to developing new threats, so, as a banking or FinTech app developer, staying ahead of threat actors is imperative. And investors and users of fintech apps should remain alert and vigilant. They need to do their research and demand that the app makers do more to protect their data, their use and their financial investments. As the investment app sector is highly competitive, best-in-class security is as critical as speed and ease of use when it comes to building apps that delight Singaporeans.