Guardsquare CEO Reflects on His 5 Year Anniversary: The Evolution of Mobile App Security
When I first joined Guardsquare five years ago, our customer base was made up of early adopters. Some were financial services companies extending their zero trust policies to their mobile stack. Others were indie developers protecting the intellectual property (IP) for their own apps, or working with bigger organizations who already recognized that mobile app protection is important.
But it was also a time where many sensitive, unprotected applications got hacked. These app developers started looking for a solution after their security incidents occurred. While that’s one urgent way to solve the problem, prevention is always the best defense. This group formed most of the customers in the early days of Guardsquare.
It’s exciting to me how Guardsquare has evolved over the last five years along with the pace of mobile app security. Here are a few of the biggest milestones that stand out in my mind as I look back on my five years at the company.
2016: The early mobile app security landscape
In 2016, Guardsquare had only 10 employees. We were rooted in the open source technology ProGuard, which was the de-facto standard for Android app optimization. Based on our knowledge and large open source community, Guardsquare had a lot of insight on how to raise the bar and improve mobile security.
At the time, threats were limited and standard protection techniques were often sufficient. The biggest focus points for attackers were IP theft, creating fake apps, and injecting malware into apps that harvest credentials. Those that were using our Android security solution DexGuard were ahead of the pack.
If you had done anything at all about mobile app security, you were likely safe... for a while. Attackers went after the easier, unprotected apps, so secured apps weren’t a popular target. Many developers were using DIY techniques and applying different open source components for mobile security. Fast forward five years, and a DIY approach is no longer possible. It’s too time-consuming and insufficient.
It’s shocking to think that in just five years the threat landscape has evolved so much.
2018: Mobile app transactions reach an all-time high
A big shift happened in 2018. Global mobile payment transactions hit $4.296 trillion that year. More transactions were done through mobile devices than web browsers or desktop applications. This was the beginning of the time when mobile apps became the most important channel for both customer interaction and ensuring customer loyalty.
That meant the pressure was on for internal development teams to develop secure apps. In the beginning, many mobile apps were developed by external parties. In 2018, we saw a surge in in-house customers. It became more important than ever to prove that mobile app security was a strategic choice. Organizations needed to have mobile apps to differentiate themselves from the competition. They needed a good user interface and overall user experience. And security was just as big a part of that equation as anything else.
At the time, more and more developers had to rely on third party libraries. These external tools added security risk. Guardsquare proved itself to be a standout solution for developers in these types of situations. In a way, we served as a big educator for the market.
In 2018, we were recognized by Deloitte for our 4713,63% growth in sales over three years. And shortly after in January of 2019, we closed a $29 million venture capital investment from Battery Ventures. That funding allowed us to expand our team and build out a U.S. headquarters in Boston, Massachusetts.
2021: Rapid digital transformation and a massive shift to mobile
In 2021, the world is in a dramatically different place that no one could have predicted. COVID-19 accelerated the adoption of mobile apps, with many businesses relying on mobile ordering and curbside pickup to survive. Touchless, in-store mobile payments grew 29% in the U.S. alone. Many governments implemented contact-tracing mobile apps to attempt to control the spread of the pandemic.
Work-from-home meant more people relied on their mobile phones to get their jobs done. Lockdowns made mobile app activity surge by 40%. We’ve seen an aggressive growth in the number of unprotected, sensitive mobile applications in use. Many of these sensitive applications are financial services apps and others that hold personally identifiable information.
Now, mobile apps across every industry (including media, healthcare, telecom, gaming, sports, and e-commerce) have realized that they need to do something for their mobile app security. In 2021, attackers see both Android and iOS apps as fair game. There’s a lot of public tools and information available online to reverse-engineer mobile apps, even if you’re not a specialist. More incidents are being reported than ever before.
Also, reverse engineering is no longer a manual activity. Hackers have automated their processes. They can scan apps and find unsecured apps at unprecedented rates. Still, many companies are waiting until it’s too late to apply mobile app protection. It is almost like having a blueprint of your bank for robbers to look at. It’s better for them to not have a blueprint at all than to try to catch each individual bank robber. Once again, prevention through solutions like DexGuard and iXGuard for iOS is the best cure.
Why I’m optimistic for 2021 and beyond
As the world slowly recovers from the pandemic, I’m incredibly proud of what our global team has accomplished. Today, we’re at 100 employees and protect more than four billion mobile applications.
We’ve invested heavily in R&D, and have added more layers of protection to extend throughout the mobile app development lifecycle – including ThreatCast for real-time threat monitoring, and our recently acquired mobile app security testing solution. As the threat landscape evolves, Guardsquare has to continue to lead, research, and invent new techniques so we can always be at least one step ahead of attackers.
None of this would have been possible without our amazing team, who have consistently raised the bar every day. We did a great job of acknowledging our different needs during the pandemic based on location, and gave people the space to be individuals at work with their own unique perspectives. We have developed a culture of mutual respect and inclusivity. Even though we haven’t been able to get together, I’ve enjoyed the opportunity to have weekly virtual coffees discussing a broad range of topics with our global employees. I feel privileged to have gotten to know more about their professional and personal lives over the past year.
As we get closer to the point of seeing each other face-to-face again, I’m even more optimistic about what our team can accomplish. I look forward to sharing more with you about the exciting research and mobile protection solutions on the horizon for 2021 and beyond!