By 2025, mobile app revenue is expected to reach $613 billion. With mobile apps becoming increasingly important to business strategies across industries, the security of those apps is a major concern.
There are a number of different approaches to securing your mobile applications, including building your own testing tools, manually implementing protection, or purchasing an app-shielding or compiler-based commercial product. App developers who decide to work with a mobile app security partner may be overwhelmed by the many options available on the market. Few, however, offer developer-first, mobile-app-centric products like Guardsquare.
Guardsquare has grown into the leader in mobile app security with more than 900 customers in 95 countries and 6 billion protected users. Guardsquare’s laser focus on mobile app security is evident, demonstrated by the comprehensive security tools offered for both Android and iOS applications:
| Mobile app security goal | Guardsquare products |
| --- | --- |
| Mobile app protection | DexGuard and iXGuard provide robust, comprehensive, multi-layered protection against static and dynamic attacks for Android and iOS apps and SDKs. With these products, you can: |
| Mobile app security testing | AppSweep is Guardsquare’s mobile application security testing product for Android and iOS apps built to enable developers to find and address code dependencies and other security issues based on proactive recommendations. Using this free product, you can: |
| Real-time threat monitoring | ThreatCast is a real-time threat-monitoring tool that provides alerts on runtime integrity violations of apps protected by DexGuard and iXGuard. Using ThreatCast you can: |
In this blog, we’ll highlight a few customer success stories to demonstrate how Guardsquare enables organizations around the world and across major industries including banking and payment, healthcare, retail, media and entertainment, and mobile gaming to secure their mobile apps:
Guardsquare helps meet security compliance requirements
Guardsquare can help companies meet and maintain regional and industry regulatory compliance requirements, certifications, and standards. For clients in highly regulated industries, compliance is crucial, as a lack of security can result in serious negative consequences. For instance, in the banking industry, when a breach occurs, both publishers and their customers risk being impacted by fraud and financial damage, which could ultimately lead to brand damage. In healthcare, mHealth/medical app breaches could put patients’ well-being at risk.
Guardsquare helps these organizations protect the integrity of their apps, enabling them to meet compliance requirements and safeguard their business and end-users against harm. This includes helping companies like the ones referenced below pass internal and external pentesting and additional security testing requirements, and protect themselves against cyber threats such as tampering and reverse engineering:
- Meet financial service compliance: A mobile payment app SDK provider for iOS and Android payment apps needed to comply with the current Payment Card Industry (PCI) SDK 3DS Security Standards and used Guardsquare’s automated security approach to ensure that its SDK was obfuscated and encrypted to achieve and maintain PCI compliance.
- Meet healthcare compliance: A U.S.-based Software as a Medical Device (SaMD) developer needed to stay on top of the evolving regulatory requirements for the apps they provide to their clients. Leveraging Guardsquare helped the SaMD developer (and their clients) meet medical compliance regulations, such as the FDA’s.
- Meet data protection & privacy compliance: A prestigious Brazilian bank needed security that included robust code obfuscation techniques that would ensure the security of sensitive data processed by and stored in their apps (i.e., customer data). The company used Guardsquare to obtain more comprehensive code protection for their apps, enabling them to pass internal pentests and meet compliance requirements for Lei Geral de Proteção de Dados (LGPD), a Brazilian data protection law.
Guardsquare ensures mobile application integrity and protects the sensitive assets inside using advanced protection features
“Our engineers were excited to see the breadth of advanced protection DexGuard and iXGuard offer. On top of the control flow obfuscation, data encryption, and other code-hardening techniques we desperately needed, we also layered this static protection with the RASP capabilities to protect against attacks at runtime.” — Mobile Front-End Lead, Southeast Asian hypergrowth FinTech company
Guardsquare helps customers protect the integrity of Android and iOS apps and SDKs through DexGuard and iXGuard. Unlike wrapper solutions with only a single point of failure, DexGuard and iXGuard are compiler-based code protection tools that interweave multiple layers of advanced static and dynamic protection techniques into your application code. Here are a few key ways the products accomplish this:
Preventing apps from running in an unsafe environment such as rooted/jailbroken devices or emulators.
- Ensure environment integrity: The aforementioned mobile payment app SDK provider needed to ensure its software wouldn’t work on a compromised device. Although an app running on a rooted/jailbroken device or emulator does not pose a direct threat, it is often the prerequisite for attackers to execute their attacks. By leveraging multiple RASP checks, the customer was able to maintain the environmental integrity their SDK runs on.
Preventing threat actors from reverse engineering the app to understand your app code, logic, and flows to execute different kinds of attacks.
- Maintain app and code integrity: One of the top 50 largest banks in the U.S. used DexGuard to secure its intellectual property inside its Android apps. DexGuard’s static and dynamic protection features prevent threat actors from being able to easily understand and modify their app’s logic and flow to gain access to sensitive assets embedded in the code.
Additionally, the previously mentioned U.S.-based SaMD developer that successfully met FDA compliance standards also leveraged Guardsquare’s products to secure proprietary technology inside their medical apps and SDKs. The same Brazilian bank that used Guardsquare products to meet regulatory compliance requirements did so by protecting their apps against tampering and reverse engineering attempts.
Guardsquare prevents potential revenue loss
“We were losing control of our apps. When we discovered that we were losing money due to fraud, we knew we needed to improve our security, and quickly. We realized that we could no longer securely protect our apps by ourselves.” — Information security expert, Top digital wallet provider
Insecure applications come with many security risks that can result in direct and indirect financial loss. These range from IP theft, through ad, malware, and transaction fraud and regulatory fines, all the way to loss of user base and brand reputation damage. For instance, a 2022 study found that 67% of global survey respondents changed their bank or credit union after being notified of fraud.
Let’s look at some additional case studies that demonstrate how Guardsquare helps to protect our customers’ revenue:
Preventing revenue loss from piracy, fraud, and premium feature bypass
- Protect against financial fraud: A South Asian mobile wallet app provider with more than 2 billion recorded financial transactions across its Android and iOS apps was losing money due to in-app bonus fraud. The company was able to leverage DexGuard and iXGuard’s API call hiding and app integrity checks to effectively block and eliminate these fraud attempts.
- Prevent brand reputation damage: A Southeast Asian mobile wallet and digital financial services provider experiencing record growth — handling billions of financial transactions annually — found that their DIY approach to security was causing performance issues. They needed to make sure that their apps were highly secure without degrading the user experience which could damage their reputation. Using DexGuard and iXGuard, the company was able to achieve this and fulfill its promise of providing a user-friendly and secure banking experience.
- Eliminate modded and cloned apps: A video and photo imaging software app popular in the U.S. and India was targeted and attacked by pirates who were able to decompile, modify, clone, and repackage their insecure premium app. These unauthorized copies were then distributed to third-party sites which illegitimate users could use for free, significantly impacting the company’s bottom line. The company was able to prevent this from happening by implementing a combination of static and dynamic protections offered by DexGuard on its app.
- Protect against content & service piracy: A Latin American Pay TV and streaming media company with mobile apps used by more than 10 million customers across 11 countries was experiencing exponential growth but needed app protection beyond the traditional content protection techniques such as encryption and Digital Rights Management (DRM). Without sufficient protection, threat actors can exploit client-level vulnerabilities to steal content or bypass premium restrictions to gain access to the streaming service for free. The company was able to prevent this by leveraging Guardsquare’s full range of products (DexGuard, iXGuard, AppSweep, and ThreatCast), allowing them to protect the apps with multiple layers of code obfuscation and polymorphic RASP, monitor threats in real-time, and find and mitigate app vulnerabilities before production.
Protecting community health on social media and mobile gaming apps.
“When we detected hundreds of bot attacks on our platform, we realized that we needed to improve our security posture immediately. [...] This is detrimental to the platform’s health as the engagement level enables them to commit different kinds of fraud” — CTO, Emerging social media platform
The health of the community in social media and gaming apps is crucial and can either make or break a business. Guardsquare preserves your user-base health by preventing attackers from being able to execute bot attacks or cheat using DexGuard and iXGuard. ThreatCast can also enrich your malicious activity and cheat-detection strategies by providing you with real-time visibility into how your apps are being used.
- Prevent coordinated bot attacks: An emerging social media app detected hundreds of bot attacks on its platforms. Using a variety of methods, attackers were able to hijack the app’s content discovery feature to spread misinformation and controversial content that was detrimental to the community's health. The app’s founders used Guardsquare’s code hardening and RASP features to successfully prevent malicious users from executing their attacks.
Optimize operational efficiency
Guardsquare equips customers with a complete, out-of-the-box mobile app security strategy. This allows each customer to conveniently apply a “security by design” approach throughout the development, testing, and monitoring of their mobile apps. Eliminating the need for planning, developing, and maintaining an in-house alternative allows businesses to focus on the growth of their company instead.
- Out-of-the-box solution: A European FinTech startup company needed to protect its mobile app and meet regulatory compliance requirements without slowing down release cycles while keeping the overhead low. The company was impressed by Guardsquare’s competitive prices as well as its ability to integrate DexGuard into the early stages of the development cycle to ensure a secure app and launch on schedule.
- Maintain business agility: An automotive software company that had to allocate dedicated resources to manually help their customers implement security against reverse engineering and cloning threats was able to shift the onus of their software’s security assurance from the client and provide additional peace of mind by leveraging Guardsquare’s code hardening and RASP features in its Android app.
Guardsquare customers can gain cost efficiency by streamlining their mobile app security tech stack across iOS and Android to reduce product bloat, and by utilizing Guardsquare’s complimentary mobile app security testing (MAST) and monitoring products.
Guardsquare provides protection without compromise
“DexGuard and ThreatCast have made [the app] more secure, faster, and better for users.” — Founder and developer, AI tool provider
A common consideration for organizations adopting mobile app security is whether incorporating protection will keep them from meeting deadlines or significantly alter the app’s code — affecting security and user experience. Guardsquare helps customers address these questions with:
User-friendly and straightforward implementation.
- Ease of use and implementation: An Australian bank, one of the 30 largest in the Asia-Pacific region, needed to deliver new iOS and Android apps to the market on a strict deadline while meeting regulatory and compliance requirements. The company was able to transition seamlessly from using ProGuard to DexGuard and iXGuard — implementing the products with little to no additional overhead on the development team while passing the required pentests and meeting their app publishing deadlines.
Command-line tools that don’t need to access or alter an app’s source code.
- Safeguard your source code: DexGuard and iXGuard are on-prem, post-build command-line tools that can run directly on an app developer’s local machines. This helps ensure the security and privacy of your mobile application’s source code. The U.S.-based banking institution concerned with potential IP theft, credential harvesting, and tampering was able to leverage Guardsquare’s products without risking its app’s source code.
Protection that doesn’t affect end-user experience
- Protection that optimizes user experience: DexGuard reduces download size by 50% and a mobile app’s installation size by more than half, even with additional new features. The South Asian digital wallet provider that managed to prevent financial fraud was pleasantly surprised to discover that DexGuard improved the performance and speed of its apps. Similarly, the Australian bank concerned with improving app security without sacrificing end-user experience achieved both goals with Guardsquare’s tools.
Guardsquare helps you to continuously improve your mobile app’s security posture
“The protection report Guardsquare offers allows us to easily and continuously evaluate, improve, and validate the protection configurations of our applications early in the development lifecycle.” — CISO, Top 10 Pakistani commercial & retail bank
DexGuard and iXGuard’s protection report feature helps developers confirm and validate their security configurations, allowing them to apply optimal security to their mobile apps. By implementing both RASP checks and Guardsquare’s real-time monitoring tool, ThreatCast, developers can gain in-depth insights into the dynamic attack threats faced by their apps in the production environment to inform their future builds. These client-side threat insights can then be fed into existing monitoring tools such as performance & crash analytics, SIEM, and anti-fraud systems (e.g., QRadar, Splunk).
Stay on top of the ever-evolving threat landscape.
- Continuous security improvement: The Southeast Asian hypergrowth FinTech company, which maintained its brand integrity with Guardsquare, also made full use of ThreatCast to maintain visibility of its apps in production by enriching its existing SIEM system with the real-time insights ThreatCast collects about client-side environment, app, and code threats. As a result, the company was able to maintain a 360° view of the security threats and risks its apps are facing and improve collaboration between its red and blue teams, as well as its governance & risk teams.
Guardsquare is a partner you can trust
Guardsquare has built an industry reputation on providing award-winning security products, thorough customer support, and transparent and scalable pricing. Here’s what a leading mobile app payment provider shared about working with us:
“Everyone in the team, from DevOps all the way to developers, is impressed with the support Guardsquare provides. It’s good to know that you work with a partner that always has your back.” — Principal Technical Lead, Renowned Australian Bank
Executive Summary (TL;DR)
- Guardsquare offers a suite of products that protect, test, and monitor mobile apps — providing a comprehensive, multi-layered mobile application security strategy to app publishers.
- Customers from across the globe in all major industries use Guardsquare for assistance in meeting compliance requirements, protecting their apps from data and revenue loss, and achieving app publishing deadlines while building a robust, multi-layered security posture.
- Guardsquare provides essential monitoring to improve an app’s security posture and help app publishers better understand the threat landscape.