Mobile App Security Made Quick and Easy

22 Oct 2018
Quixxi is an intelligent and integrated end-to-end mobile app security solution that allows developers to protect and monitor any mobile app in minutes.

This article is in the Product Showcase section for our sponsors at CodeProject. These articles are intended to provide you with information on products and services that we consider useful and of value to developers.

With over 52% of global internet traffic now coming from mobile platforms, and mobile applications becoming the primary way customers and consumers interact with the digital world, mobile app security is no longer an afterthought but an integral part of every developer’s toolkit.

Delivered as a SaaS platform and also integrable with automated Development Operations (DevOps) platforms, Quixxi Security streamlines the process of testing Mobile Apps for vulnerabilities, and allows developers to strengthen any mobile app’s resilience with just one click.

Scan

Quixxi Automated Vulnerability Assessment provides a detailed analysis of your app from a security perspective, reporting each detected vulnerability with a description, an explanation of the risks associated and recommendations for fixing the vulnerability. This information proves to be a useful resource to identify critical issues before your app is released to production.

AUTOMATED VULNERABILITY REPORT

Mobile apps are prone to both intrinsic platform-based vulnerabilities and flaws in their configuration.

Quixxi Automated Vulnerability Assessment is a quick static evaluation of your app to outline critical security weaknesses and receive useful suggestions to fix them.

Quixxi Scan performs a static analysis of the apk or ipa files via a simple drag and drop offering an immediate app pre-screening. Moreover, this report will help you understand which of the reported vulnerabilities can be easily mitigated with the simple integration of Quixxi Shield, an award-winning app protection solution.

ADVANCED MANUAL ASSESSMENT

Extremely critical enterprise mobile apps – like the ones in fintech, healthcare, etc. – often handle, transfer or store users’ sensitive data. A security breach can badly affect a company’s reputation and dramatically impact the daily lives of the end customers. Ensuring the highest safety standards will help to protect your entire customer base.

Quixxi Advanced Manual Assessment combines manual methods, network traffic analyzers and other security tools to check both the static and the runtime behavior. The assessment investigates any possible app flaws that might be exploited to dynamically gain access to infrastructure, system features and data that a third party must not be permitted to access. Quixxi also offers Advanced Manual Assessments as a service for Web APIs.

OWASP INSPIRED

Both Automated and Manual Vulnerability Assessment services are structured to analyze the security areas as outlined in the OWASP Mobile Security Project guidelines, namely in the latest Top Ten Mobile Risks 2016.

OWASP is an open community dedicated to enabling organizations to conceive, develop, acquire, operate and maintain applications that can be trusted.

OWASP is in a unique position to provide impartial, practical information about security to individuals, corporations, universities, government agencies and other organizations worldwide. Operating as a community of like-minded professionals, OWASP issues software tools and knowledge-based documentation on security.

Shield

Quixxi Shield provides codeless protection against hackers looking to clone, tamper with, inject malicious code into and – in general – exploit your mobile app. A simple drag and drop, for both Android and iOS apps, is all you need to apply a sophisticated set of state-of-the-art security layers, offering the necessary protection quickly and easily.

TAILOR YOUR SECURITY

Security is a concept that implies different choices and shades based on the particular target app.

For this reason we built Quixxi Shield to provide full customization of mobile security and keep you covered regardless of your business area.

All the security settings are configurable directly from the portal via checkboxes, without any coding involved. Finally, Quixxi Dashboard will allow you to remotely monitor what’s going on and take the appropriate action when required.

REVERSE ENGINEERING PROTECTION

Quixxi secures your mobile applications by destroying the hackers’ ability to understand your code by decompiling it. Depending on the platform, Quixxi Shield leverages a variety of innovative and technologically advanced techniques.

They include, but are not limited to:

Encrypted Strings – Quixxi can remove the hardcoded strings in the classes, replacing them with native layer calls. Removed strings are encrypted and stored in the native layer in order to protect the associated data.

Method Call Hiding – Quixxi can hide the method calls too, filling their body declaration with native method calls. Code readability for attackers drops dramatically, which prevents a trivial understanding of the business logic.

Dynamically derived encryption keys – Quixxi doesn’t store the keys used to encrypt strings in the application, and the key to decrypt encrypted strings will vary from application to application. Moreover, different keys will handle different content.

Randomization – Quixxi will replace the original variable and method labels with incomprehensible ones that will be different for each application, in order to make the sequence of calls unique and unpredictable.

Spoofing techniques – Quixxi will fool the attacker and increase the cracking effort by inserting spoof Android code in multiple ways.

Library Protection – Quixxi can also apply its effects to Android libraries, supporting both aar and jar files. After a simple drag’n’drop the library code will be moved into the native layer.

Debug log removal – Quixxi will remove the Android logs because they can provide hints for realizing a successful hack.

Static resources encryption – Quixxi will be able to encrypt the images used in your Android app.

TAMPERING DETECTION

Quixxi Shield uses advanced technology to verify the genuineness of the app run by the end user. Our security engine ensures that both you and the honest users will not be easily exploited.

Threats Detection – Quixxi will automatically terminate your app instance whenever a runtime threat is trying to break the security configuration of your choice, providing both the attacker and the offence details directly on the portal.

App Integrity Check – Quixxi will double check whether your app has been modified from its original version and close it if so, preventing any risk for the end user.

In-App purchase protection – Quixxi will secure your app and defend it against the circumvention of the in-app purchase logic. Start cashing in on the premium features you are selling!

RUNTIME PROTECTION

Many attacks are carried out by trying to exploit vulnerabilities at runtime. Even when piracy is not involved, you may need to stop users from violating rules. Quixxi can remotely terminate the app instance whenever the right conditions for its execution are not met.

Certificate Pinning – Quixxi can help properly implement validation of the certificate the client app expects to receive when contacting the server, preventing the session from starting when there is no match.

Root/Jailbreak Detection – Quixxi can detect if an app is running on a rooted/jailbroken phone, where an unplanned excess of exposed data may occur due to a tweak of the official operating system. The end user will then be bounced out of the app for their own safety.

Emulator Detection – Quixxi can detect if somebody is trying to analyze your app by running it inside an emulator, and close the app to stop this process.

Attached Debugger Detection – Quixxi can detect if a debugger has been attached to the app in order to examine its variables and evaluate its expressions at runtime. In this scenario the app will be immediately terminated.

Malware Detection – Quixxi can quickly detect, upon app launch, if the phone on which the app is running has malware installed and make it inaccessible, avoiding consequences that can damage your business and/or your end customer.

Runtime resources encryption – Quixxi can encrypt the files produced at runtime in your iOS app, plus the Shared Preferences/User Defaults that can otherwise be easily accessed on rooted/jailbroken devices.

Improper App Usage Prevention – Quixxi is able to message/block/unblock all app users violating community rules, fair use policies, terms and conditions or just pure common sense with minimum code integration.

Supervise

The Quixxi Licensing SDK lists all illegal users – forbidding them to use your app – and lets you send them push notifications to implement a conversion policy. Analytics SDK will provide insights on your users and custom events to follow up and understand the app dynamics after it gets published. Diagnostics will help you fix your app by taking details and debug files directly from the user who experienced the issue.

LICENSING

Many paid apps are hacked and distributed by third-party app stores for free. In the best case this results in a loss of revenue for the developer. In the worst case, the name of your app can be used as a trojan to sideload malware onto users’ phones.

Licensing SDK gives you the possibility to list the details of all the illegal users. It allows you to check if the app has been downloaded from Google Play Store, Samsung Galaxy Apps or Amazon Appstore and to set a policy to automatically block whoever is running a pirated copy. Quixxi portal will display the breakdown of the illegal users and converted users per app version and per day. The blocking policies to handle piracy are already built in and can be made effective simply by activating them with a click from the portal.

ANALYTICS

When you release an app on the market it is useful to understand how the customers interact with the app after the download and then use this information to improve the user experience.

Analytics SDK helps you profile your user base, with automatically retrieved details about OS version, app version, store used for the download and user device. You will also be given APIs to send email and country-wise location to the portal, if you decide to implement them. Moreover, with a few lines of code you can add "custom events", i.e. custom situations to monitor for a simple check or for a future improvement. This information will be listed on Quixxi portal with the associated details, or displayed in pie charts per period for a quicker look.

DIAGNOSTICS

Diagnostics SDK provides you – the developer – the possibility to download from Quixxi portal the most significant debug files connected to every crash, exactly as if you had direct access to the user’s device in that precise troublesome moment.

Diagnostics SDK is distributed as part of the Analytics SDK. With such a tool you will get the real-time number of users affected by each crash, minimising the delay between the bug report and its fix. For each issue detected you will find an embedded basic search for solutions on the Stack Overflow website. Quixxi portal also provides the Diagnostics breakdown with pie charts filtered per app version, OS version and device vendor.

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.
