Protecting apps against mobile IP theft in the post-perimeter era

The speed and urgency with which enterprises across industries and sectors are having to undergo digital transformation have left the majority struggling to remain in control of their data and Intellectual Property (IP). This is especially true, given that these assets can no longer be protected within the corporate firewall alone. The reported billion-dollar losses to hacking and cyber attacks around the world each year, clearly indicate a problem.

As companies embrace society’s Appification and introduce mobile applications into their workplace and business model, their endpoints and the threats extend far beyond the control of traditional perimeter-based security. Yet, as more and more companies adopt the use of mobile devices and apps, many are failing to take the necessary security measures, such as mobile app protection software. 

With as much as 80% of worker tasks estimated to take place on mobile devices by 2020 (Source: Gartner), securing them should be a top priority for enterprises as we shift into the post-perimeter era. For that companies must also realize that just as easily as an app can “make” them, it can also “break” them when valuable and innovative source code is stolen. This is because mobile apps are inherently vulnerable to hacking and reverse engineering. Read further, in order to understand this phenomenon and learn how to better protect your mobile applications against the growing threat of mobile IP theft.

What is mobile IP theft?

Intellectual Property is defined as “a category of property that includes intangible creations of the human intellect” such as patents, copyrights, etc. Digital IP includes algorithms and source code. Mobile IP theft typically involves the piracy, and/or cloning of all, or parts of, a mobile app and/or its code. Overall, information theft is reportedly the most expensive and fastest growing cybercrime. In 2018, it was estimated that IP targeted cybercrime alone may account for $50 to $60 billion of global losses. It is an increasing concern, for instance, in mobile gaming— currently the biggest and highest grossing sector within the mobile app industry.

One highly publicized incident of mobile IP theft in gaming, which resulted in millions in losses, is the Flappy Bird case. By the height of the app’s success in 2014 —earning $50K daily— developers were reportedly uploading around 60 app clones a day, causing massive losses in revenue before being taken down.

Why and how should I protect my mobile IP?

So why bother with mobile apps, if they are so susceptible to IP theft? Because an app's vulnerabilities are also its biggest assets (flexibility and portability), designed to bring a multitude of services at your clients’ fingertips. That is why it is just as important to fully preserve app functionality, as it is to secure the app itself. This is where mobile application protection software (e.g. DexGuard, iXGuard, etc.) comes in. Yet most companies integrating the use of mobile devices in their business models do so without rethinking their cybersecurity measures. According to the Verizon Mobile Security Index 2019, only 45% of companies currently have mobile endpoint security in place.

Providing tailored protection to your mobile applications is crucial because apps are: 1) “in the wild” or circulating outside a carefully secured corporate perimeter (firewall) 2) obtainable in their entirety; meaning apps come with their full code and, because of this, are 3) easily decompiled and reverse engineered. Only mobile app protection software, such as DexGuard and iXGuard, is specifically designed to protect your app code integrity. With mutually reinforcing layers of non-stop protection integrated in your app code, DexGuard and iXGuard ward off security threats, while optimizing Android and iOS app performance.

Prevention is key, especially for innovation-focused sectors (tech, software, R&D, etc.) and trust-based industries (finance, e-commerce, etc.), where the theft of unique code and/or reputational damage can, by far, outweigh and outlast any amount of revenue loss. The case of a programmer charged with stealing million-dollar source code used for high-speed stock and commodity trades in 2009, for instance, notably cost Goldman Sachs both.

In addition to getting mobile protection software, there is a range of other measures you can take in order to provide your apps with further protection from IP theft, such as building your own app and patenting it. As only app code and UI elements –not an app idea itself—can be copyrighted, this can only protect you from direct copycats and not from variations on your idea/concept. And in case your app is eligible for a patent, this measure can protect app functionalities and variations. However, as only unique or special functionalities are patentable, it is always best to check with a patent attorney to see if your app meets the requirements before filing a patent request.

Not only is it difficult to fully prevent mobile IP theft, but it is also nearly impossible to insure against— as there are currently no policies providing protection of source code or IP. Most insurers only offer coverage for theft of “tangible” property. Yet cyber liability insurance may still serve as damage control in cases eligible for economic compensation.

Conclusion

Ultimately, only mobile app protection software can ensure the best available mobile IP security— as it is the only measure that can specifically safeguard the source code of your Android and iOS apps against the reverse engineering and hacking involved in mobile IP theft.

Only DexGuard and iXGuard ensure advanced protection via multiple layers of app hardening, by making it virtually impossible for third-parties to gain access to your app’s internal logic. Their integrated protection consists of two complementary defense features: code hardening (encryption and obfuscation) and runtime application self-protection (RASP). The first protects apps from static analysis and makes sure the source code is unreadable to hackers that manage to decompile or disassemble them. This prevents hackers from gaining insight into the structure of your app, extracting or altering the code and/or exploiting vulnerabilities. RASP, on the other hand, detects and prevents dynamic analysis and real-time attacks by enabling your app to monitor its own integrity, as well as the integrity of the device on which it is running.

Learn more about how DexGuard and iXGuard can help you protect your business and mobile apps here.