When developing an app, more often than not, security is a secondary consideration for developers. Obviously, delivering an operational app and gaining users is the priority.
After launch, the two primary methods of delivering security are through 1) active security testing and then fixing the flaw and 2) application shielding products or “perimeter defenses” as we like to call them at BLAKFX. The issue with both, is that neither approach actually protects the data if a breach occurs. In our view, that is essentially no data security at all.
The major problem with security testing is that it only detects the weakness, it doesn’t actually repair it. As we all know, identifying a weakness and fixing it properly are very different issues. Also, penetration testing produces different results depending at what step it is introduced. For example, if security tests are run during the coding phase, then a solution can be considered without any real threat. However, if security testing is only conducted in the mobility phase, then the threat could have already been exploited and the cost and magnitude of the flaw are exponential. Conducting security testing at each phase of app development is also a costly endeavor and adds time to what is normally a “lets get to market ASAP” production schedule.
Similarly with shielding products (perimeter defenses). Many perimeter defense products are easily defeated by hackers through malware obfuscation. Encryption usually only protects data during transmission and does nothing for an app when your original data/code is at rest or in use.
The bigger issue though with perimeter defense is that the vast bulk of products are runtime application self-protection (RASP). These products are inherently flawed as they require the app to be able to detect attacks before they happen. This circumstance might be fine for known attacks, but if a new virus for example is introduced, they could be missed completely. Also an issue with RASP, is the talent required to develop it. Many app developers simply don’t have the internal resources to dedicate to it.
The data security weaknesses surrounding apps is at the root of why we at BLAKFX exist. The Helix22 SDK is designed to make any app 100% secure.
How we do this is through the genius of DNA BindingTM. This protocol embeds our encryption directly with the data/code. Helix22 is the first ever B2B and B2G product that can protect all your data while at rest and in use…not just in transit. To do this we invented and patented a user to user (U2U) encryption.
With most apps, there is not even an attempt at data security until the app is opened. If the Helix22 SDK is included in the app, then this is not the case.
Our cryptography means that the Helix22 encryption originates on your device. Therefore, opening the app means opening previously encrypted data. This means that the data arriving to your customized Helix22 key server, is already encrypted so all the server needs to do is issue another key. This key will only work with the receiving device, which generates a matching key required to open the data. In this protocol, Helix22 are truly a “zero-knowledge” server and even if subpoenaed, we can honor the request by just handing over the encrypted content…as that is all we have. Helix22 also only use keys one-time and then destroys them. This way the data security is future forward prefect. Therefore, in our unique user to user encryption (U2U) world, there is no opportunity for a data breach or leak.
Any app, protected by Helix22, is always 100% protected.
Let’s take it a step further. Even if you are a victim of an internal attack, any data that has been forwarded, downloaded, copied or saved cannot be opened. Period. We have the world’s foremost data packets which are protected with multi-layered, military grade encryption algorithms that have already proven the ability to withstood quantum computing attacks.
Our founders also founded Wickr, which is used by the US military and has never been hacked since its inception in 2012. Helix22 is several generations enhanced since then.
Apps are part of our modern world. They should always be private.
To read more about app security, click here. It is a very thorough article.