Last month we introduced mobile channel protection. This month we’re delivering on the promise to show you what it looks like in practice. And we’re zooming in on one specific layer: Isolation.
Mobile channel protection comes down to three things: Integrity, Isolation, and Intelligence.
Integrity means the application can defend and verify itself. Intelligence converts tamper-proof signals into smarter security decisions. Isolation ensures that critical operations take place in a secure vault. Each addresses a different layer of the mobile channel, but together they form a system where the output of each strengthens the next.
Our new mobile channel protection page makes the full case for why each layer matters and how they fit together. And with the Licel vTEE achieving EMVCo SBMP TEE approval across Android and iOS for the second consecutive year, this month’s edition of the Layers Bulletin focuses on Isolation.
What's new with Licel's solutions?
Licel vTEE Achieves Second Consecutive Cross-Platform EMVCo Approval
The mobile device is now many things at the same time; it’s a bank branch, it’s a wallet, it’s an identity document, and it’s a payment terminal. Trust has to be engineered into every layer of the application that runs on it. The Licel vTEE can help create that trust.
Sensitive mobile operations and transactions such as device binding, key handling, token generation, and request signing can take place in an isolated, trusted execution environment. Until recently, isolation meant hardware; secure elements and TEEs on the device. These will continue to be useful, but in today’s fragmented mobile ecosystem, hardware can be inconsistently available across devices, and slow to adapt as threats evolve.
The Licel vTEE is a virtual Trusted Execution Environment. Rather than being a replacement for hardware, it’s a layered, software-based augmentation of it.
It has just received a second consecutive EMVCo SBMP TEE approval across both Android and iOS. Independent evaluation from trusted laboratories matters more than ever, because mobile security cannot be something a vendor claims. The organizations that we work with - banks, payment innovators, and wallet providers - demand more than that because they are protecting things that matter to millions of people.
DexProtector’s Mobile API Protection Feature Available to All Enterprise Customers
If any layer of the mobile channel is compromised, the backend cannot trust what it receives.
Last month we explored why verifying that every API request comes from a genuine, untampered application is no longer optional — see our Knowledge Hub guide on protecting mobile APIs from bot attacks
Mobile API Protection is the communication layer of mobile channel protection. The security of the communication channel between a mobile app and its backend depends entirely on the static and dynamic protection layers beneath it. If the application has been compromised, the runtime manipulated, or the request signing logic traced, then the communication channel cannot be trusted, no matter how well it has been protected.
Remember, that DexProtector’s Mobile API Protection feature will be available to all DexProtector Enterprise customers from the next release.
What is Mobile Channel Protection?
Mobile channel protection isn't a feature, a control, or a category we've invented. It's the practice of treating mobile security as a system rather than a checklist; where trust is engineered into the application, the runtime, the device, and the communication channel.
Our new Mobile Channel Protection page sets out the full argument, explains why securing the application's code is no longer sufficient, and shows how the three pillars — Integrity, Isolation, Intelligence — work together as a complete approach. It's the foundation for everything else we publish on mobile security.
Thanks for reading this edition of the Licel Layers Bulletin. We'll be back next month with more product improvement updates and threat intelligence insights.
