YESsafe AppProtect+ Protects Mobile Apps Against StrandHogg Vulnerabilities Video
The total number of app downloads on mobile devices in 2019 was at 204 billion. Of which, 84 billion downloads were through the Google Play Store, and 31 billion downloads were through the iOS App Store. People are spending more time using their mobile devices to browse content, online shopping, transaction, and more.
Security on a mobile phone is a rising concern. BBC News reported in December 2019 that there was a vulnerability issue on the Android system known as StrandHogg. It is the Most Challenging Vulnerability as it has a significant security impact on Android phone users, with or without the device been rooted.
What is StrandHogg?
Discovered by Promon , StrandHogg allows real-life malware to pose as any legitimate app without users’ awareness. StrandHogg is unique because it enables sophisticated attacks without the need for a device to be rooted. It uses a weakness in the multi-tasking system of Android to enact powerful attacks that allows malicious apps to masquerade as any other app on the device. This exploitation is based on an Android control setting called ‘taskAffinity’, which allows any app – including malicious ones – to assume any identity in the multitasking system they desire freely.
What can it do?
With StrandHogg, hackers can distribute malicious apps on the Android App Store or APK download on other websites. If any phone user downloaded it, it might impact any legitimate app on the same device.
Dangerous Permission Harvesting
Powerful Phishing Attacks
Once exploited by hackers, the consequences faced by phone users are:
- Stolen usernames and passwords (Phish login credentials)
- Draining bank accounts
- Exposure of SMS messages
- Access to all personal photos and files on the device
- Making and/ or recording of phone conversations
- Spying through the phone’s camera and microphone
- Tracking user’s movements and location
- Accessing user’s contact list, phone logs, emails
How Can Company Protect its App and Consumers?
i-Sprint’s YESsafe AppProtect+ proactively protects mobile apps against various risks and attacks, allowing mobile apps to run securely even on highly infected devices.
Comparing with the traditional antivirus software, AppProtect+ can protect app without virus database update or internet connection; When compared with hardened app solution, AppProtect+ can prevent passive attacks (like reverse engineering, repackaging and source code modification), and respond by taking necessary measures when real-time attacks are detected during app running. So, complete protection is achieved.
AppProtect+’s Core Functions include:
- Anti-reverse engineering & Anti-tampering
- Anti-debugger
- Anti-stealing
- Client Management from Server
Some companies in the region such as Bank of East Asia, CITIC Bank (International) CMB Wing Lung Bank, RHB Malaysia & Singapore, Merchantrade Asia, Bank Muamalat Malaysia, Sing Investments and Finance, Rabobank Singapore and MSIG are already using AppProtect+ to protect their company apps against any vulnerability, like StrandHogg.
To understand more on AppProtect+, please click here.
Enterprises, you can do your part to enhance the security level of your mobile app to protect your company and your users.
Be Proactive | Be Safe | Secure Your App with AppProtect+
i-Sprint is providing a complimentary check for your company’s app on any vulnerability to StrandHogg. Or you can chat with our specialists to find out how you can protect your enterprise mobile app.