Proven protection for mobile banking and payment apps
DexProtector is a one-click, no-code app security solution. It makes app protection simpler and more streamlined - and by doing so it saves your time, your money, and your reputation with customers.
Trusted by financial institutions around the world.
Financial apps are under threat
In one recent attack, bad actors created an environment to mimic the phones of 16,000 mobile banking customers. This act enabled the attackers to drain millions of dollars from the victims’ accounts in a matter of days.
Incidents like this are becoming normalized. But only because apps aren’t hardened to block attacks.
Why protection for financial apps is so important
Not long ago, banking customers would go to a branch in person. This helped to foster loyalty and trust. But now your app is often the only thing your customers see, so securing it is the best way to build trust with them.
Robust app protection helps you to:
- Comply with regulations such as PSD2 and avoid penalties
- Prevent damaging loss of revenue and reputation
- Reduce your insurance premiums
DexProtector prevents the most common attacks against financial apps
-
Malware
Hackers are deploying increasingly sophisticated malware. Infection often begins with a phishing SMS before the malware uses hooking and fake screens to get users to share their credentials. Malware can live inside a seemingly innocent app unrelated to your financial app. It can lie dormant for months and only spark into life once your app is opened.
DexProtector's environment checks can spot hooking attempts, while its UI protection prevents screen capturing. And with integrity control enabled, you'd know if an attacker was trying to inject your app with malicious code.
-
Cloning
A fast-growing threat for financial apps is the creation of fake versions. Attackers spoof and decompile your legitimate app and then release their own bogus one. It can easily end up on a genuine app store for your unsuspecting customers to download. They then enter their one-time passwords, financial data, and other memorable info which is stolen by the attacker.
Cloning often begins with attackers stealing your app's code and resources. DexProtector uses code protection and resource encryption to stop this. And device binding blocks bad actors from stealing your app's visual style to create a fake version.
-
Man-in-the-middle attacks
Cybercriminals often exploit weaknesses in network connections to hijack the communication between your app and your server. If they succeed, it's possible that the details your customer enters on their device will end up at the attackerâs malicious server instead of yours. This type of attack also helps hackers to understand API calls and how to profit from them.
DexProtector's reinforced public key pinning blocks interception attempts. And certificate transparency stops more sophisticated attacks where the goal is to steal the certificate itself.
310 million mobile banking users protected
Cybersecurity is now a key trust metric when deciding who to bank with.
App security for a zero-trust world DexProtector secures your app from attacks wherever it's used. Try it today.
DexProtector's secure native layer makes financial apps safer to use
Bad actors are opportunistic. They don’t always have a set goal in mind when they attack your financial application. Instead, they put it under a microscope and scrutinize it. They look for weaknesses they can exploit. DexProtector’s advanced protection technology has one job - to frustrate them. Its 7 key features do just that. They block attack avenues, making your app safe for your customers to use.
Code protection and virtualization
This feature prevents static and dynamic attacks. A bad actor will often start an attack by decompilng your app and extracting valuable assets. They can also use more advanced tools like the JEB Decompiler to decrypt sensitive strings and understand the app’s logic. But DexProtector’s code protection and virtualization stops them from carrying out this vital first step.
Content protection
Zero code protection for your assets and resources based on strong cryptographic algorithms. Cryptographic keys are dynamically reconstructed at runtime based on your entire app or SDK. That means that key and content extraction attacks are impossible. DexProtector also uses dynamic analysis prevention measures to stop the dumping of decrypted resources from memory.
Integrity control
The integrity of your app or library is the most crucial part of its security. Without reliable integrity control, an attacker could tamper with it. DexProtector embeds a speedy, secure native engine into your app or SDK. As every protection function relies on cryptographic keys generated at runtime, DexProtector knows if a bad actor has made alterations. If that’s the case, it will stop the app from working.
Environment checks
DexProtector’s native engine blocks dynamic analysis and code injection. This defence is vital because these are the two most common techniques hackers use to attack your app or library. Runtime checks help to prevent debugging, hooking, running your app on emulators, and rooted or jailbroken devices. DexProtector can also detect the latest versions of Frida, Magisk and Zygisk.
Communication hardening
DexProtector’s reinforced public key pinning and certificate transparency mechanisms help to stop man-in-the-middle attacks. It makes sure that your app or library cannot establish a connection with an untrusted server. And it also reinforces the set of algorithms used for the secure transport channel. That means it can check that the communication is secure.
Secure execution environment and CryptoModule
A self-defending virtual trusted execution environment (vTEE) that looks after your cryptographic operations and key storage. It integrates into your app in seconds at the protection stage. No changes to your code are needed if you’re using Java/Android Crypto API. This feature makes key material exfiltration attacks and interfering with your cryptographic operations a non-starter for attackers.
UI protection
UI protection blocks screen capture and activity hijacking. Screen capture blocking hardens your app against screenshots, screen recording, and screen casting. Hijacking prevention protects your app from malware that takes control of it and replaces legitimate windows with bogus ones. And enforced use of the system keyboard ensures your app is not exposed to unsafe input from custom keyboards.
How DexProtector’s trusted security saves you both time and money
DexProtector is nimble and evolves to counter evolving threats. That means you can focus on creating a great app for your end users without having to worry about its code and data being exposed.
No code saves time
You get the peace of mind that your app is protected without having to invest valuable engineering time.
Ready for the zero-trust world
You can’t always know where and how your app is running. But DexProtector’s checks mean it’s safe whatever the environment.
Support for hybrid apps
App development is evolving with more frameworks than ever. If you’re using a hybrid approach, DexProtector can secure it.
Protection without a hit on performance
DexProtector’s unique native engine keeps your app safe behind the scenes without slowing it down.
On-premises protection
DexProtector isn’t a cloud-based security solution. It secures your app in an isolated, enclosed environment that you control.
Your protected app is just a click away
With one click DexProtector Studio shows you how your app is being protected. It also highlights potential vulnerabilities.
Android and iOS don’t offer enough protection for financial apps
Android and iOS offer some basic security measures. But not enough to protect financial apps that end users rely on for sensitive tasks and transcations.
Android in particular is highly fragmented because of the huge number of manufacturers and vendors. It’s estimated that 83% of users weren’t using the latest version of Android in 2020. That means they might not have had the latest security on their device.
Apple’s walled garden approach means that iOS offers more protection than Android. But it too is vulnerable to modern, sophisticated attacks.
Big tech companies like Apple and Google often update app store security requirements. But this isn't enough to stop bad actors from successfully publishing malware.
DexProtector operates at a deep level to block damaging attacks
Cybercriminals poke and probe financial apps for weaknesses. For example, they’ll often attempt to decompile your app as a starting point of any attack. But because DexProtector uses code hardening, they aren’t able to do so.
With that attack avenue blocked, they might plan to run a dynamic analysis instead. But to do that they’d need to create a special environment to use analysis tools. DexProtector’s environment checks can detect this and stop the app from running.
DexProtector shuts and locks doors at every turn. Doors that attackers would simply be able to push open if you relied on platform security alone.
Full-scope security out of the box
Try out DexProtector. We’ll be in touch to find out more about your app and set you up.