Guardsquare Announces Updates to Android and iOS Mobile App Security Solutions

Today we are proud to announce the releases of two updated mobile app security solutions from Guardsquare:
DexGuard 9.1 for Android and iXGuard 4.2 for iOS. With these new versions, we have improved usability and security by:

• • Improving real-time protection of iOS apps with Apple silicon detection
  • Improving SWIFT support for iOS
  • Improving support of app bundles for Android
  • Better forensics for ThreatCast users
  • Enhancing resilience at runtime by hiding decrypted iXGuard data
  • Enhancing the protection report

Improving real-time protection of iOS apps with Apple Silicon detection

With the introduction of Apple Silicon, the new Apple chipset based on ARM architecture, iOS apps can run on macOS too, which is a much less restricted environment. That could expose mobile apps to additional threats. To prevent that, Guardsquares' run-time application self-protection (RASP) provides additional checks that allow apps to discover whether bad actors are trying to run them on Apple Silicon macs.

Improving SWIFT support

With iXGuard 4.2, the Swift configuration has been made easier by extending iXGuard's view on Swift metadata.

Improving support of Android app bundles

Since the release of DexGuard 8.3 about two years ago, we have supported app bundles. This new upload format enables Google to optimize downloads for individual end-users by only packaging the necessary resource files, languages, native libraries, etc. Starting in August 2021, new apps will be required to publish with the Android App Bundle on Google Play. To facilitate support of this format, we have enabled RASP certificate checking in DexGuard 9.1.

Better forensics for ThreatCast users

ThreatCast, our mobile application security console that is free of charge for all Guardsquare customers, monitors your in-app security implementations in real time. In order to have better, more actionable feedback with the new release of DexGuard 9.1, we have expanded the amount of information reported by ThreatCast when a threat occurs.

Enhancing resilience at runtime by hiding decrypted iXGuard data

A key pillar of our multi-layer in-app security offering is code hardening, or defending your apps against reverse engineering and tampering with obfuscation and encryption. Sensitive data stored in your code is encrypted by iXGuard, but when the app is in use, that data needs to be decrypted to let the user interact with it. That gives a malicious actor the opportunity to attack your app. To reduce that risk, the new iXGuard 4.2 hides its decrypted data at runtime, and reduces the data’s lifetime in memory.

Enhancing the Protection Report

DexGuard and iXGuard generate a Protection Report for each mobile app build. This report validates and assesses the applied protections – grading your app’s security configuration against key risk categories, providing further recommendations to improve security efficacy and surfacing potentially beneficial features to activate. The new DexGuard 9.1 and iXGuard 4.2 improve Protection Report, adding warning suppression and more insights in the amount of entities that are matched by your rules, as well as warning about rules which seem out of place, such as when a rule matches no entities.