Digital security software specialist Verimatrix has launched its first product since being acquired by rival Inside Secure (though the merged entity has adopted the Verimatrix brand). Called ProtectMyApp, the service arms developers directly with mobile application security – protecting against reverse engineering and tampering activities, which the vendor warns can lead to hefty financial losses and data theft.
In what Verimatrix claims is a first-of-its-kind cloud service, all it takes is a simple upload of compiled applications to the ProtectMyApp website and within minutes a protected application is returned. It encompasses a number of security techniques, automatically setting protection points and using intelligent optimization to harmonize the field between security and performance, increasing self-protection of the device at system security level.
Verimatrix CSO Asaf Ashkenazi, from the Inside Secure side, confirmed that ProtectMyApp is an Inside Secure product with Verimatrix branding. “Quite often the simplest things are the hardest to develop. If a company claims to have launched something like this in six months, I guarantee it has flaws,” he said. “ProtectMyApp draws from the Inside Secure code base so the foundations were in development long before the acquisition of Verimatrix.”
He said the acquirer had inherited and extensive customer base through Verimatrix and said the new launch highlights how Inside Secure’s client technologies marry well with the server systems of its new unit.
With Inside Secure’s experience in the IoT ecosystem, the service protects a roster of applications whether designed to be an interface, such as an airline or vehicle app, or an application serving as the actual business interface, such as banking, gaming or medical services. As well as addressing any vertical market, ProtectMyApp highlights how application security expertise is coming within reach of developers of all sizes without breaking the bank.
ProtectMyApp detects potential vulnerabilities through a mix of client security and cloud-based analytics to deliver alerts, allowing developers to terminate application execution when an imminent threat is detected. It says developers can deny access to service for applications running on emulators or debuggers and block cloned or repackaged applications from accessing the service.
“Obfuscation is the first stage of protection which protects against reverse engineering. This makes it difficult for hackers to find the code and even if they do eventually find it, then it is very difficult to understand. Most hackers are lazy and even if you are unlucky enough to get a determined hacker, we can still protect it,” said Ashkenazi.
He was understandably defensive about the years of grueling development which has gone into ProtectMyApp, batting away assertions that Irdeto or Nagra could easily come out with a competing service.
“This is worlds away from CAS and DRM security. It’s hard to believe these competitors could launch something similar,” he insisted, noting that the new software builds on Inside Secure’s acquisition of software obfuscation specialist Metaforic back in 2014. He did acknowledge that Irdeto has similar capabilities through its acquisition of Cloakware, even further back in 2007.
The launch of ProtectMyApp comes only a week after Inside Secure completed its transformation into Verimatrix, reflecting the latter’s stronger branding particularly in the USA. At the time of the merger, the companies said they would place high emphasis on mobile banking apps, and that is reflected in last week’s launch. The ProtectMyApp website lists Visa, Amex and Mastercard among its endorsers, along with Cisco and HBO.
Verimatrix insisted these aren’t fully fledged clients yet, although the company confirmed that HBO uses its Code Protection tools for its streaming apps.
As for pricing, after getting 14 days free protection for up to two apps, ProtectMyApp offers three tiers, costing $499 a month for unlimited protection of two apps, $999 a month for up to six apps, and $1,499 a month for up to 10 apps. All tiers cover commercially deployed apps and includes access to the community forum.