AppDome: “We offer financials a vaccination for the future”
— 23 december 2015FinanceInnovation attended Fintech Connect Live as partner of the event in Wembley Stadium, London. We spoke to several exhibitors, speakers and visitors. What is it that they do? What problem do they solve? Aaron Singer, Vice President Mobile Application Security, told us about his product and company: AppDome.
What’s your one liner sales pitch?
“We protect financial mobile applications against fraud, data theft and phishing.”
Why is that necessary?
“When people use mobile apps there are a several areas of risk that they are unaware of. For example, when trying to log in to a legitimate wifi they might log in to a malicious wifi instead. Once logged in on an app, the hacker is able to copy everything, including hidden files and so-called plist and JSON files containing passwords, credit balance, photo’s, locations and so on. What’s also happening a lot is hackers providing fake certificates, making the app believe it’s authentic, which off course comes with a range of dangers. In the US approximately 30 per cent of the apps have these vulnerabilities. In Europe that percentage is even higher. We offer a way for companies to vaccinate their apps from these attack vector from current and future threats.”
So there weren’t any other solutions against this kind of fraud and phishing?
“Well, as you might know there’s already a way to secure websites. Most financial institutions use SSL to protect their data. But SSL was never developed for mobile applications. Therefore, banks look for other solutions. There are alternatives, but they are expensive and require a very deep level of integration with the bank’s application. This not only slows down and disrupts the development lifecycle, but when changes are made to the app, which inevitably happens, this integration breaks and needs to be fixed. So, we believe it is time for a lightweight and affordable solution.”
How does your solution work?
“It’s very simple. We employ a dynamic wrapping process that works outside the development lifecycle. Customers simply upload there applications through our dynamic wrapping service and we wrap it in a security layer in minutes. From then on the information stored within the app and on the device is encrypted and all communication with the server is protected against theft in transit. If, for example, an app user connects his phone with a fake wifi, he will receive an alert that the connection is compromised and the app will exit.”
What do you wish to achieve by 2017?
“We believe that securing financial apps can be a lot more more affordable and less complex than they are right now. With our solution we lower the costs without the deep integration. In the next year or two we will achieve market penetration within most of the largest banks and, since we offer special programs for fintech startups to use our solution, we are confident we will become the de facto standard security solution for most fintech companies by the end of 2017.”