Meet the New AppDome. A great company just got better.

Posted by Tom Tovar

Jul 18, 2016 2:37:00 PM

We are so excited. Last week, we brought the entire team from the US and Israel to our Tel Aviv HQ and agreed to embark on this incredible journey together.  Our goal is to change the way mobile apps are developed and deployed in the enterprise. 


Securing Consumer facing apps and Gartner's take on mobile security best practices

Posted by Amit Lavi

Apr 4, 2016 5:24:00 PM

In a newly released research note, Gartner discusses mobile security as it applies to consumer facing apps. The piece, entitled “Avoiding Mobile App Development Security Pitfalls – March 2016” covers various aspects of the mobile app development landscape in detail, and offers a list of “do’s and dont’s” pertaining to mobile app security best practices. Especially noteworthy is Gartner’s inclusion of consumer-facing apps in the security stream of consciousness. CIOs and agile development teams around the world will soon be reading this fascinating report.

Allow me to provide an interpretation purely from AppDome’s point of view. In large enterprises for the last 15+ years, enterprise apps, servers, network infrastructure, and every other critical element of enterprise computing have typically been secured under an enterprise-wide security mandate. However, in the world of mobility, consumer facing apps have somehow been excluded from the security umbrella, even if those apps have been rolled out by the enterprise and handle highly sensitive data. To this day, this continues to be the Achilles’ heel of enterprise security and mobility. We know it and hackers know it.

After realizing the problem, the first generation of app wrapping techniques was developed – by this company and others. While implementation nuances varied from one vendor to another, the general architectural concept usually involved fairly kludgy attempts at ‘compartmentalizing’ the device and applications such that varying levels of control could be assumed by corporate IT for different ‘slices’ of the mobile environment, especially in BYOD environments. Even in situations where the company owns neither the device nor a majority of the stuff on it, they still need to protect the data flowing through the handful of business apps on that device, because these apps usually connect back to sensitive systems in the enterprise. So if an employee-owned device that was also used for business functions is lost or stolen, then Corporate IT could remotely wipe the ‘enterprise portion’ of the phone, but leave untouched the photos from grandma’s big-game hunting trip (highly exaggerated example, but you get the point).

Fast forward to the present day, where ‘app-wrapping’ as we’ve previously known it is all but being declared dead. I’ll cover all the reasons WHY in a future blog post, but simply put, it didn’t work. One can make a credible argument that all of the woes of legacy app wrapping could be traced to one single root cause: implementations required modifications to the application binaries and source code. Long story short: applications broke in unpredictable ways due to hard-coded dependencies, and lots of them. Dev cycles swelled and QA matrices exploded thanks to SDK conflicts and complex code integrations. User experiences degraded as native apps were no longer native, workflows were changed, clunky interactions were introduced, and security features were bolted on in Frankensteinian fashion. The list goes on and on, and I don’t even need to mention the dagger to the heart of legacy app wrapping with the introduction of iOS 9.

So App-wrapping has recently been superseded by app fusion – fusing security into existing apps, in a way that does not require the apps to change, and with zero impact on the user experience. The technology as well as the implementation are far superior for a myriad of reasons:

- No changes to application code... absolutely zero. Fusing apps can be done in minutes, and SDKs can largely be avoided, which makes the whole process much easier to implement and far less work to maintain QA testing. Exactly what DevOps teams are looking for! Zero impact on functionality and performance.
- Fusing apps takes just a few minutes and will not hold back your time to market. In other words, the fusion process moves at the speed of mobile.
- App Fusion is cross-platform and OS agnostic. There are virtually no differences between fusing apps in iOS vs Android, and extending to other platforms is far simpler than wrapping.
- Zero code integration means developers can enjoy all the features included in a given SDK, but without the need to work directly with the source code.

Previous SDK integration technologies had serious limitations which discouraged developers from protecting consumer facing apps, or just rendered the endeavor simply non-feasible. SDK integrations often imposed sizable impacts on app behavior, including degraded functionality or altered workflows, modified look and feel, even significant performance taxes in some cases. Not to mention limited as well as inconsistent platform support – with different code required for each platform and months of integration time.

Our own AppFusion technology does all of the above in a seamless process. That’s why Gartner and other industry analysts are noting the change in the app security landscape.

2016 will be the year that consumer facing apps are secured!

We all live by our mobile apps. The times, they are a-changing! The wretched state of mobile app security is about to end. App Fusion protects against man-in-the-middle attacks, malware attacks on local data, OS vulnerabilities and compliance breaches.

This breakthrough technology removes the obstacles and excuses standing in the way of securing consumer facing mobile applications. It’s easy and painless to your developers – and your wallet! And it’s good security. After all, any security fabric is only as strong as its weakest link.

Here at AppDome, we strongly encourage your DevOps teams, Security Ops groups, CIOs and app Line of Business owners to take a serious look at app fusing technologies.


Topics: Mobile data security, Consumer Apps, Data Breach

Consumers and App Data Theft – Who Should be Held Accountable?

Posted by Amit Lavi

Aug 18, 2015 8:34:00 AM

A shift has occurred in the cybercrime world, and it’s one that mobile app owners can’t afford to ignore. Recently, there’s been a sharp increase in app data theft incidents, primarily with the goal of stealing credentials and gaining access to bank accounts, credit cards, and gift vouchers.


Topics: App Data Theft, Consumer Apps

The Inherent Dangers of Fake Wi-Fi for Consumer App Users

Posted by Avi Yehuda

Aug 12, 2015 7:57:00 AM

When looking at the mobile security threat landscape, fake Wi-Fi attack vectors stand out as being particularly insidious. As consumer demand for mobile data increases, app users connect to Wi-Fi networks at every chance they get - coffee shops, parks, airports – and as a result, the risk of encountering a compromised connection naturally grows.


Topics: MitM, Fake WiFi, Consumer App Data

Stagefright: The New Face of App Data Theft

Posted by Jamie Rakover

Jul 30, 2015 5:11:00 AM

How vulnerable, exactly, are Android phones to app data theft? Based on recent research from mobile security expert Joshua Drake, 95% of Androids are potentially compromised by Stagefright, a media playback tool. 


Topics: Android, App Data Theft, Stagefright

Does Your App Expose Your Password?

Posted by Amit Lavi

Jun 24, 2015 8:14:00 AM


When developers use either an unencrypted text protocol or incorrectly implemented HTTPS, big-brand apps are left vulnerable and exposed. Worried about your data? You should be!

Over the past few days we have seen an increasing number of articles discussing the vulnerability of Android apps. What is alarming about this movement in the industry is the root cause of many of these vulnerabilities: best practices of secure coding are not being implemented, meaning apps are not using HTTPS and correct security measures to protect personal details such as username and password.


Topics: Mobile data security, vulnerability, Android

Is Your Enterprise Mobility Strategy BYOD-Ready?

Posted by Tal Gilat

Jun 8, 2015 8:16:00 AM

While there was some early speculation that BYOD was more of a fad than a trend, the verdict is in and the debate is over: BYOD is not going away anytime soon. And as far as employees are concerned, why should it? BYOD helps them get more done, while they spend less time stuck in their workstations. What’s not to love?


Topics: Mobile data security, Data Protection, vulnerability

App Wrapping: Ending the War between IT and Employees

Posted by Amit Lavi

Feb 25, 2015 12:54:55 AM

Traditionally, network security battles between IT and employees have centered on inappropriate use issues. For example, they involved an employee unwittingly or deliberately visiting an off-limit website, clicking the link in a seemingly harmless spear phishing email, or carrying out some other activity that exposed the network to imminent or potential data leaks and breaches. And while such battles have been protracted and driven more than a few frustrated IT professionals into early retirement, they frankly seem like the “good old days” compared to what BYOD is bringing to the clash. 


Topics: BYOD, Employee productivity, mobile applications, app wrapping

Healthcare’s Mobile Device Dilemma: Compliance or Productivity?

Posted by Hilee Avrahami

Feb 18, 2015 3:31:00 AM

While there was a time when organizations, professionals and practices speculated on whether mobile devices could or should be adopted for use in the healthcare sector, that time has clearly passed and the way forward is clear: mobile devices are here to stay. 


Topics: BYOD, CIO, Mobile data security, healthcare

How to Solve the Mobile Application Management Dilemma

Posted by Amit Lavi

Jan 22, 2015 7:32:02 AM

While grappling with complex problems is the norm for today’s CIOs rather than the exception, there is a particularly difficult and urgent issue that is causing growing concern both inside and outside the space: finding a way to secure and deploy both market and in-house developed applications for corporate BYOD use.

To start with, whereas enterprise mobile apps were once seen as optional, it is clear that they are increasingly being viewed as essential. For example: 

  • Healthcare organizations such as New York’s Mount Sinai Medical Hospital are using mobile apps to help clinicians improve workflow communication efficiencies. And with the global market for health apps expected to reach $26 billion by 2017, the trend will only intensify. 
  • Insurance providers such as Freedom Health have streamlined operations and increased performance by equipping their sales agents with a mobile app for completing insurance applications while out in the field.
  • Sales professionals are using mobile apps to access updated customer account information, and to run analytics and forecasting tools that clearly and often convincingly show customers why they should “close the deal”.


Topics: mobile applications