
October 17, 2019

Protecting customers from data compromise in mobile applications with Lookout App Defense

By Praveen Mamnani

The mobile-first, cloud-first world has brought new conveniences to users, such as banking, health and retail apps. But, at the same time, it has introduced new risks, making mobile app security and compliance top priorities for CISOs. Bad actors now target mobile users with trojans that steal login credentials, with malicious software delivered through phishing, and by jailbreaking devices, leaving apps vulnerable to data compromise. In fact, 65% of all fraudulent transactions now take place on mobile.

Despite these vulnerabilities and risks, mobile app developers are not implementing robust security techniques to protect apps against external threats. In fact, they typically implement basic on-device IP protection (app shielding or in-app protection) techniques to prevent apps from being reverse engineered. These techniques are also referred to as ‘inside-out’ protection and do not fully protect users from the entire spectrum of mobile risk.

A comprehensive end-to-end solution is needed to protect sensitive customer data from being compromised. The solution must include continuous protection from threats, including malicious apps downloaded from phishing links, advanced non-persistent device attacks, screen overlay attacks, fake keyboards and network attacks. An end-to-end solution provides comprehensive visibility and advanced security to protect brands from mobile risks.

The Lookout mobile app protection solution

Lookout App Defense provides enterprises with proactive mobile app security by preventing data compromise of customer-facing mobile apps. Lookout detects mobile risks that can lead to account takeover and prevents malicious actors from accessing customer data and financial transactions via your mobile app. In addition, we are supplementing the security protections from Lookout Security Cloud through partnerships with market-leading vendors to provide comprehensive end-to-end mobile app security for customers. The Lookout Mobile App Protection Solution includes:

  • Threat detection, visibility and defense via a lightweight embeddable SDK to provide runtime protection (aka RASP - runtime self protecting apps) from advanced jailbreak/root detection, network spoofing, malicious apps, phishing, and screen overlays. The SDK communicates with the Lookout Security Cloud to continuously analyze application and device anomalies. The SDK also provides workflows for configurable remediation actions such as elevating authentication level or terminating the session. Lookout App Risk Posture provides continuous visibility and threat analytics of consumer devices.
  • Anti-tampering via an added layer of protection that detects runtime hooking, emulators and debuggers, and prevents fake keyboards, application repackaging and reverse-engineering of code.
  • Trusted execution and protection enabling developers to store cryptographic keys and sensitive operations within a secure enclave for Android and iOS. This capability is delivered in partnership with Trustonic, leveraging Trustonic Application Protection (TAP) software and hardware integrity checks.
  • Fraud detection and prevention through profiling the inherent human behavior and uniquely identifying each person behind any account to protect them from user impersonation or manipulation attacks. Lookout App Defense’s integration with Buguroo enables customers to augment and enhance their fraud risk scores for mobile and web channels.

Learn how Lookout App Defense provides comprehensive end-to-end mobile app security for customers.


Author

Praveen Mamnani,
Head of Product, App Defense