Financial Services
Privately / Publicly Owned: Private
Employees: 1000+
This FinTech company is one of the largest digital wallet providers in South Asia, with more than half of the mobile money users in the country. Their mobile wallet app is widely used, enabling its customers to access essential payments and branchless banking services from anywhere in the world.
In 2022, the company’s revenue grew by ~50% YoY, as a result of strong growth in monthly active users (MAU), reaching close to 17 million MAUs (+10%), and a 30% increase in total transaction volume. They have recorded more than 2 billion financial transactions, across Android and iOS platforms.
“I used to spend 50-60% of my time ensuring that the security aspects of our apps are up to scratch. After working with Guardsquare, it is now down to around 25%, allowing me to focus on more important aspects of our business.”
- Information security expert, Top digital wallet provider
The digital wallet provider had two full-time employees responsible for the security of their Android and iOS applications. Despite having in-depth expertise in cybersecurity, they could not keep up to date with the increasingly complex threat landscape as their business grew. Threat actors were able to reverse engineer, clone, repackage and redistribute their apps to pirate stores, negatively impacting their brand and app reputation. They were also losing money due to in-app bonus fraud carried out by hundreds of dishonest users.
“We were losing control of our apps. When we discovered that we were losing money due to fraud, we knew we needed to improve our security, and quickly. We realized that we could no longer securely protect our apps by ourselves.”
— Information security expert, Top digital wallet provider
The company’s security team needed to quickly find code protection solutions that reliably protected against these attacks without impacting the performance of their Android and iOS apps. The solutions needed to enable them to pass their internal pen-testing and maintain the apps’ compliance with the country’s banking regulations. The company was also looking for a monitoring solution that could help them continuously improve their security posture by providing real-time data on the types of attacks their apps are facing in production.
The company chose Guardsquare’s products after a thorough evaluation of the available solutions on the market. They chose Guardsquare due to its reputation, the breadth of advanced security features offered by its products, and its extensive use in the financial services industry. The security team was particularly interested in the Runtime Application Self-Protection (RASP) capabilities provided by DexGuard and iXGuard.
This feature prevents users from dynamically tampering with the apps during runtime. Using Guardsquare’s real-time monitoring solution, ThreatCast, the company was able to monitor how the apps are used and receive real-time information on these dynamic analysis attempts, such as debugging and hooking tools, repackaging attempts, escalation of privilege, emulators, virtual environments, and many more.
The company also layered the security mechanisms provided by DexGuard and iXGuard, including API call hiding, obfuscation of classes and fields, and many more. This layered approach provided them with in-depth protection against static and dynamic attacks. Guardsquare’s polymorphic protection capability ensures that the security protection profile of the app changes with each build. This effectively nullifies knowledge gained by attackers from attacks on previous releases.
“Our security team found DexGuard’s and iXGuard’s API call hiding and app integrity checks to be exactly what we needed to address the cloning and repackaging attacks we were experiencing. Additionally, the environment integrity features they provide would ensure our apps can only run on unrooted/non-jailbroken devices.”
- Information security expert, Top digital wallet provider
Using DexGuard and iXGuard, the company fully protected its Android and iOS applications, quickly passed internal pen-testing requirements, and maintained compliance with the national bank’s standards and regulations.
More importantly, the company has now resolved the financial fraud problem using the static and dynamic analysis protection features the solutions provide. Attackers are no longer able to reverse engineer, tamper with, or create modded versions of their apps. Using DexGuard’s advanced code optimization feature, they were also able to improve their Android app's performance.
“Our team had used ProGuard in the past to optimize our Android apps and do some basic name obfuscations. Hence, migrating to DexGuard was quite straightforward - and it was a significant upgrade from ProGuard. We were pleasantly surprised to see our apps run faster after implementing DexGuard. Similarly, iXGuard has also ticked all of the right boxes for our iOS apps.”
- Information security expert, Top digital wallet provider
Using ThreatCast, the security team now has in-depth knowledge of the types of threats, such as environment, app, and code threats, that their apps are facing in production. The real-time data ThreatCast provides helps them gain insights into how and where their security posture needs to be improved.
"We were amazed but also taken aback when we saw the number of attack attempts our apps are facing. On average, ThreatCast reports hundreds of thousands of attack attempts that both DexGuard and iXGuard manage to prevent each month," continued the Information Security Expert, Top Digital Wallet Provider.
The company is now in the process of evaluating the integration of Guardsquare’s free mobile application security testing tool, AppSweep, into its CI/CD pipeline to further improve the security and resiliency of its apps.
Guardsquare offers the most complete approach to mobile application security on the market. Built on the open source ProGuard® technology, Guardsquare’s software integrates seamlessly across the development cycle. From app security testing to code hardening to real-time visibility into the threat landscape, Guardsquare solutions provide enhanced mobile application security from early in the development process through publication.
More than 900 customers worldwide across all major industries rely on Guardsquare to help them identify security risks and protect their mobile applications against reverse engineering and tampering.