Secure Mobile Application Development

Part 5: Binary Protections

Jahmel Harris, Technical Director

Attack Scenario: 2, 3

Appropriate binary protections should be present. A binary protection is a client-side security control that attempts to stop an attacker from reverse engineering or modifying the application. It is important to realise that, with enough time and effort, an attacker will be able to bypass any such control. With appropriate controls, however, the level of skill needed to understand the application increases. Stacking binary controls raises the level of difficulty in relation to how many controls are implemented, which can often make it not worthwhile for an attacker to target the protected application.

An application that's weak against this type of threat could be vulnerable to the following types of attack:

  • Spoofing, e.g. by changing authentication tokens.
  • Code modification, including DRM bypasses.
  • Disclosure of sensitive information, including encryption keys or proprietary algorithms.
  • Reputational risk, where malware can be inserted into a once-legitimate application.
  • Vulnerability research.
  • Security control bypass.

Many of the security controls in this section require constant improvement as attackers find ways to understand and bypass these client-side controls.