DashO Root Detection & Defense is one Check that will not bounce!

July 28, 2017 3461 Views Sebastian Holst

I’m delighted to report that PreEmptive Solutions released DashO 8.2 for Java and Android earlier this week. Like most of our releases, it has a lot packed into it including:

Android-O support,
Kotlin support,
Improvements to our Android Wizard, and
Build performance improvements.

BUT the feature I’m most excited about is the addition of our latest Check Type, Android Root Detection.

I’m excited because our approach to real-time security continues to be unique and root detection is exactly the kind of scenario to highlight our approach.

In order to make my case, I need to take a step back and define what we mean at PreEmptive when we refer to a “Check” or a “Check Type.”

A Check in PreEmptive parlance refers to a real-time incident detection and response framework that includes the logic to check for an incident occurrence and a rich variety of response and alert options.

Check Types refer to the kinds of incidents we can look for (detect) and respond to.

Today, on Java, Android, and .NET, we have Checks (Check Type support) for application tampering, the presence of a managed or native debugger at runtime, absolute and relative timeframe expiry, and (now) rooted Android devices.

The most significant advantage that our approach offers is functional scope including:

Incident detection: There are many ways to detect a rooted Android device – we use lots of them combined with heuristics to ensure accuracy. This “ambiguity” extends to debugger detection and our other checks as well. Your developers don’t need to keep up with these moving targets – that’s what we do.
Incident response

Turnkey real-time incident response options with no coding or training include throwing exceptions, suspending an application, and exiting an application,
Turnkey real-time alerts that can include a broad set of metadata with offline-caching and encryption over the wire built-in; also implemented with no coding whatsoever
Extended incident response and real-time alert behaviors that incorporate your application-specific or custom code to address context-specific operational or risk-related requirements that only you understand.

Regardless of the platform or the Check Type, the Check framework is consistent and that offers a whole lot of advantages over setting a flag inside a program with an API and requiring developers to code their own response.

PreEmptive Checks are INJECTED post compile – and can be done at the same time (or independently) of obfuscation. Our approach to injection allows for the injection of our code AND yours – offering the best of both worlds.

Here’s a more complete comparison of the advantages of using injection specifically to implement application detection and response controls.

Control Implementation Characteristics

	Post-compile Injection	Programming
Complexity	Low: specialized behaviors such as incident detection or offline-caching of data are delivered as “turnkey” (no coding)	High: each application presents its own unique set of implementation requirements that must be designed and tested as “first class” features.
Effort and training	Low: injection patterns and configurations can be reused and shared across builds, releases, and applications.	High: expertise and effort required will increase proportionately to the number of applications and development teams managed.
Flexibility	Low: injection targets are often limited to method entry and exit points and highly customized interaction with other application functionality may be constrained as well.	High: controls implemented as code within an application have no inherent limitations.
Scalability	High: injection tasks can be included in build and deployment workflows through a centralized process ensuring consist and effective use.	Low: compliance must compete with the development’s backlog of fixes and features – application-by-application.
Transparency & Auditability	High: as a part of the build and deployment workflow, successful use is logged and archived. The log can be used to guarantee functional compliance and proof of compliance.	Low: proving to auditors or end-users that controls are present and do no more (or less) than documented would require code review rather than documentation review.

Why is our Check framework ideal of managing risks stemming from running an application on a rooted device? Root detection requires an evolving set of heuristics to ensure accurate results. We invest on keeping our algorithms up-to-date.

Once detected, appropriate responses will be highly variable based upon:

the application (banking or a medical device)
the application owner’s appetite for risk
the regulations governing the application, the application owner, and the user

Our unique combination of turnkey and extensibility functions ensure that you will be able to hit the right mix of defensive, reporting, and privacy features and you will be able to evolve them as needed.

In order to manage risk effectively, you have to manage it consistently. Our integration into production DevOps build and deploy pipelines ensures that your controls will be applied consistently and you will have the audit logs to verify your compliance.

Learn more about DashO for Java and Android (and evaluate the software) here.

Protecting Java applications that use Spring Framework Core

DashO has support for protecting applications that use Spring Framework Core. Spring can be configured either by custom annotations or XML configuration files, and DashO has support for both. However, applications that use custom annotations require additional handling.

There’s big money in artificial intelligence (AI) — reaching almost $12 billion over the next six years. As noted by research firm McKinsey & Company, companies are now in the process of building out the technology foundation they need for AI deployment, with 45 percent of executives already worried about not investing enough in AI to keep up with the competition. It’s not a baseless fear: The McKinsey research also suggests that AI adoption is following a standard “S-Curve” model, which starts with slow adoption by a limited number of businesses followed by rapid mass adoption as market opportunities increase and then slows again as stragglers are left behind.

Given the wide range of potential applications for AI and the evolution of core intelligence technologies, increased business interest is no surprise. What companies may not be prepared for, however, is the uptick in hacker usage of AI tools and solutions — what happens when attackers flip the AI script?

That was the title of yesterday's congressional briefing organized by ACT | The App Association (in cooperation with the Congressional IP Caucus which is co-chaired by Rep. George Holding, Rep. Adam Smith, & Rep. Hakeem Jeffries).

As is often the case when presenting to different kind of audience (not software-centric), you’re forced to reorganize your thoughts – here are few that might be worth sharing.

Attendees were promised the following agenda:

Learn how rogue apps steal content;
Understand what access devices are enabling the piracy of content;
Learn about a range of app piracy methods used to exploit U.S. companies;
Gain insight into existing industry best practices and enforcement methods for combating IP piracy.

App development now happens at breakneck speeds as companies recognize the need for first-to-market applications that exceed consumer expectations for usability and performance. The root of this rapid release cycle? DevOps — the combination of development and operations teams to deliver best-in-class applications ASAP.

But more apps on the market more quickly means more chances for security issues — as noted by Bank Info Security, 60 percent of all breaches over the last two years started with known software vulnerabilities. Bottom line? DevOps is getting apps out of development, but lack of security is putting them in harm’s way. There are no second chances when it comes to first impressions; users won’t come back if applications expose personal data or become malware distribution drones.

The solution? DevSecOps: Security as a fundamental aspect of application development. Here’s what you need to know.

Model–View–ViewModel (MVVM) is a common pattern used in WPF, Xamarin, and other types of .NET applications. There are different ways to apply the MVVM pattern, but they all share a few underlying concepts. I’d like to discuss these concepts, and how to successfully configure protection with Dotfuscator for MVVM-based apps.

DashO Root Detection & Defense is one Check that will not bounce!

Control Implementation Characteristics

Post-compile Injection

Programming

Protecting Java applications that use Spring Framework Core

Artificial Intelligence, Real Threats: Can Attackers Flip the AI Script?

Rogue Apps: Facilitating Theft from Developers and Consumers

No Second Chances: App Shielding and the Emerging Need for DevSecOps

Protecting .NET applications that use the MVVM pattern

Latest Blog Posts

Protecting Java applications that use Spring Framework Core

Artificial Intelligence, Real Threats: Can Attackers Flip the AI Script?

Rogue Apps: Facilitating Theft from Developers and Consumers

No Second Chances: App Shielding and the Emerging Need for DevSecOps

Protecting .NET applications that use the MVVM pattern

Latest News

Dotfuscator Adds Rooted Device Controls to Meet Exceptional Xamarin.Android Demand

Microsoft Build 2018

PreEmptive Solutions Launches GDPR Compliance Relief Program

Protecting Your Xamarin Apps with Dotfuscator

Third Major Dotfuscator Community Edition Release in 12 Months Expands Real-time Defense and Streamlines Xamarin Integration

Twitter

App Protection Blogs

DashO Root Detection & Defense is one Check that will not bounce!

Control Implementation Characteristics

Post-compile Injection

Programming

Latest Blog Posts

Latest News

Twitter