Licel have announced the publication of their guide to mobile application protection. The guide is designed to give software engineers and architects a solid grounding in app protection and, ultimately, to enable them to create more resilient applications.
According to Licel CEO, Ivan Kinash, the guide is a natural continuation of a goal the company has had for many years - to promote app security to developers.
“We’ve always had a close bond with the app developer community because of our own background as a company. And we know that right now the best way to balance the scales with bad actors is to promote the benefits to developers of understanding the basics of app security. Engineers need to know how attackers operate and what they can do to mitigate the threats their mobile apps are up against.”
The guide to application protection is particularly timely and necessary in 2023 because it feels like attackers currently have the upper hand.
“We’ve arrived at a curious intersection with mobile apps”, says Kinash. “While many companies might readily admit their application is one of their most vital assets, this doesn’t always translate into security being prioritized as much as it should. There’s also some unhelpful misinformation out there about what mobile app protection is and the level of security that’s required.”
The hope is that Licel’s guide can teach developers about the importance of app protection and explain the layers of security needed to stop modern attacks.
The guide is split into three main sections. Here’s what to expect in each of them:
Principles
The elements of mobile apps that most need protecting and why, tips for creating a threat model, and Licel’s four vital layers of mobile application protection.
Threats
Threats, attacks, and how to mitigate and prevent them. Includes decompilation and modification, dynamic analysis and tampering, emulators and virtualization apps, malware, and network communications interception.
Practice
A checklist for protecting mobile apps. Plus how and why to make security a continuous process.