A guide to mobile application protection
- The big picture
- What needs protecting
- Develop a threat model for your application
- The four layers of mobile application protection
- Decompilation and modification
- Dynamic analysis and tampering
- Emulators and Virtualization Apps
- Network communications interception
- Mobile app fraud
Attackers target assets. And we can categorize these assets into three main types:
- Internal data and intellectual property (IP)
- Restricted functionalities
- Sensitive user data
During the course of this guide we’ll focus on these assets, how attackers attempt to access and exploit them, and how you can prevent them from doing so.
Identifying how attackers seek to achieve their objectives will go a long way in helping you to create a threat model, which we’ll also cover in this section. Carry out this foundational process and you can put your app in a stronger position to defend itself against attacks of all kinds. To that end, we’ll also introduce what we consider to be the crucial four layers of mobile application protection.