The explosive growth of mobile apps has created an industry of app development where time-to-market is everything. Security has suffered often, and very publicly: insecure apps have leaked payment, banking, and other sensitive user data, to the embarrassment of major brands. Appknox offers peace of mind to brand owners and the developers who create and maintain apps by doing regular security audits of their work, and alerting them to new vulnerabilities as they arise.
True Story: On 16 January 2014, the Starbucks app, the most used application in the US with 10 million customers, was found to be storing user credentials in plain text format. When CNBC reported that user data had been compromised, 3 million people deleted the app from their mobile devices. In 24 hours, the app fell from 4th highest grossing app to number 26. Starbucks scrambled to release an update later that week, too late.
Research published by Appknox has revealed that 80 out of the top 100 apps in the world’s major app stores have security vulnerabilities. The problem is that mobile app coders tend to be junior, feature-oriented, and inexperienced at secure coding practices. The industry’s stance on security tends to be reactive, only paying attention when a data theft occurs or a vulnerability is disclosed by a third-party hacker. Public embarrassments lead to public backlash, massive and distracting cleanup jobs, a loss of consumer confidence in mobile apps, and possibly even a drop in stock price. All stakeholders are waking up to the importance of security.
- Appknox scans mobile apps automatically for security flaws, both before and after they are released.
- During the development phase: Appknox helps coders by offering a testing API that can be built into their continuous integration process.
- At the time of delivery: Appknox helps clients certify work product as part of the acceptance process.
- After publication: Appknox scans through app stores, reporting security flaws to the stores, to developers, and to the full-disclosure community.
Users receive automated reports including a scorecard of vulnerabilities, ranked by severity. This report includes helpful suggestions for developers, and threat scenarios for managers. The scanner works at both the source and the binary code levels.
For the avoidance of doubt, Appknox is not an antivirus company. Viruses may be the oldest and most famous problem in security, but malware is not the only one. Data loss prevention, snooping, and man-in-the-middle content and code injection are just as prevalent and dangerous. Appknox focuses on those.