
Rogue Apps: Facilitating Theft from Developers and Consumers

October 10, 2018 Sebastian Holst

That was the title of yesterday's congressional briefing organized by ACT | The App Association (in cooperation with the Congressional IP Caucus which is co-chaired by Rep. George Holding, Rep. Adam Smith, & Rep. Hakeem Jeffries).

As is often the case when presenting to a different kind of audience (not software-centric), you’re forced to reorganize your thoughts – here are a few that might be worth sharing.

Attendees were promised the following agenda:

  • Learn how rogue apps steal content;
  • Understand what access devices are enabling the piracy of content;
  • Learn about a range of app piracy methods used to exploit U.S. companies;
  • Gain insight into existing industry best practices and enforcement methods for combating IP piracy.

The panelists represented a nice cross-section of stakeholders.

  • Morgan Reed, President, ACT | The App Association (Moderator)
  • Tom Galvin, Executive Director, Digital Citizens Alliance
  • Greg Saphier, Senior Vice President, External Affairs, Motion Picture Association of America
  • Myself (Sebastian Holst, EVP & Chief Strategy Officer, PreEmptive Solutions)

First, I have to thank ACT (again) for their amazing work connecting software developers with their representatives (and vice versa) – and, more selfishly today, for inviting me to participate as a panelist (I always leave ACT events feeling maybe a little guilty hoping that I contributed at least as much as I took away).

Attendance

The bad news is that every representative is away campaigning in their districts – but that was actually the good news – this meant that their staff (who have heavy influence over their bosses’ final positions) were free to attend – and we did indeed have a full house – with lots of questions that went beyond the scheduled time slot.

The following summary covers just two of the topics raised and my responses (I don’t want to presume to quote anyone else). I think that the fact that these topics are front of mind on Capitol Hill and with this audience is extremely important all by itself.

Question 1

As a developer of protection tools for software applications, can you tell us what your clients are experiencing in terms of piracy? (both consumer facing apps and enterprise software attacks)

My response: Consumer facing

  • There’s the obvious category of primary authors of games, reference, and “convenience” apps – apps whose algorithms or content can be readily repurposed.
  • We also see app development shops with specialties like (for example) consumer banking. They target smaller banks, savings & loans – these companies have a toolkit that lets them efficiently develop “custom” apps for each bank, and theft of that toolkit is a direct threat to their core business model.
  • Another category is the technology specialist that delivers niche libraries of – for example – graphics functionality – that other development organizations use. What’s interesting about these is that we see them include IP protection requirements in THEIR licensing terms to their clients, e.g. other development shops. It’s often their clients who need to work with us in order to meet their contractual obligations.

Enterprise facing

  • An interesting example that is uniquely enterprise is a compliance service provider that migrates massive volumes of archive files and email from any old format that a company might have used over the past 30 or 40 years. The “dictionary” of translation logic to clean up all that data is extremely valuable IP. While no one translation is all that valuable – the sum total in their library of all formats represents hundreds of person years of effort.
  • Any kind of simulator – automotive, flight, or any kind of “physics” engine
  • Illegal upgrades to equipment whose functionality is controlled by software – like cars and sophisticated measurement equipment – are also an interesting piracy threat – it’s not the software but the equipment that is actually being pirated.

Question 2

So, pirates or hackers are not just ripping off content to redistribute it for a profit. Tell us more about why hackers are attacking your clients’ apps?

My response: We’ve seen a dramatic rise in hackers using apps as a means to get to the data that flows through those apps – examples include

  • Financial
  • Healthcare
  • General PII

As encryption has become more effectively deployed, hackers use developer tools like debuggers to access the data at the only time it isn’t encrypted – when it’s in use, in memory.

They use developer tools to see user data – but also tokens, passwords, and other sensitive data that can be used to elevate user privileges and execute unauthorized code as well.

In fact – from an engineering perspective – there is virtually no distinction between stealing content as a means to compromise systems (e.g. using a trusted brand to deliver a malicious payload) and compromising software or a device to steal valuable content like movies or games from a jailbroken Firestick.

So... the hacking breakthroughs for one criminal pattern (like watching illegal movies) can be equally useful to a multitude of other criminal activities – and – as such – are widely shared and valued by other classes of pirates, cyber-criminals, and nation-state actors.

There were many more questions (and answers) of course - if you’d like to learn more about this briefing and others like it - visit www.actonline.org and introduce yourself – if you have any comments or questions on the topics raised here – (or would like to learn about how PreEmptive Solutions is helping others), please do not hesitate to contact me directly.

