Market Overview

Mobile Apps Secured With Data Theorem's TLS Pinning Protect Data From Eavesdropping Better Than Web Browser App Equivalents

Share:

Data Theorem's TrustKit with TLS Pinning Actively Stops Eavesdropping
and HTTPS Man-in-the-Middle Attacks

Data Theorem, Inc., a leading provider of modern
application security
, announced today that mobile applications
equipped with TrustKit, Data Theorem's Transport Layer Security (TLS)
pinning library, protect the transmission of data better than web
applications. The new level of mobile app security ensures user privacy,
maintains data integrity, and blocks unknown attackers.

TLS pinning stops eavesdropping and HTTPS man-in-the-middle (MiTM)
attacks. Accessing medical records or bank statements is safer through
mobile apps with TLS pinning than through a hospital or banking website
via a web browser. While TLS pinning has existed as a concept, Data
Theorem's TrustKit, a free open-source security library, is the
industry's first solution to significantly ease the equipping of mobile
apps with TLS pinning. TrustKit delivers protection for data
transmission in modern apps superior to security in web browser
applications.

"TLS pinning ensures that mobile apps are less likely to be vulnerable
to certificate attacks – which ultimately can enable man-in-the-middle
attacks and eavesdropping," said Professor Dan Boneh, head of the
Stanford University Applied Cryptography Group and co-director the
Stanford Computer Security Lab. "It is particularly valuable when
connecting phones to a mobile hot spot or to a hotel Wi-Fi where you
have little control over how your data is routed. It is also important
when connecting in less stable countries where you might be worried
about the certificate infrastructure."

TrustKit has a growing community of thousands of application developers,
allowing it to further "anti-eavesdropping" as a new standard in mobile
app security. Data Theorem recently announced that TrustKit
has identified more than 100 million eavesdropping attempts
on iOS
and Android applications, where apps in active mode have blocked 100
percent of those attempts.

TLS pinning is a security capability to prevent active eavesdropping
(MiTM). TLS Pinning ensures the client checks the server-side
certificate against a known copy of that certificate before executing
any sensitive network communication. Browser vendors have largely moved
away from pinning since Web browser pinning (aka HPKP) required too much
effort for site operators to maintain properly, and it could not be used
against all other sites. The ability to update certificates quickly on
mobile platforms is far better than with desktop web browsers.

"Thanks to the effort of the TrustKit community, customers are
developing mobile applications that are more secure than their web
browser equivalents," said Alban Diquet, Data Theorem Head of
Engineering and author of TrustKit. "TrustKit is the industry's first
solution to offer mobile app developers an easy-to-use TLS pinning SDK
to encrypt network communication for mobile apps. One of the benefits of
TLS pinning on mobile is actively stopping threats to organizations that
are commonly introduced by mobile device spyware and compromised
Certificate Authorities (CA)."

While the TLS pinning concept for mobile apps is well known, it has been
very difficult and time-consuming to implement (TLS pinning in mobile
apps requires both significant operational and code-level changes).
TrustKit facilitates code-level implementation in a matter of minutes by
providing a "drag and drop" TLS public key pinning library. Whenever an
eavesdropping attempt occurs, the TrustKit library within the app sends
a notification report back to Data Theorem for the delivery of rich
analytics, visualizations, and alerts of malicious attacks and potential
downtime.

Download and Availability

Data Theorem's TrustKit is available free for open source developers and
users. For more information, see: https://analytics.datatheorem.com/.
To download the developer SDK, see: https://github.com/datatheorem/TrustKit/.

About Data Theorem

Data
Theorem
secures today's popular applications. The technology scans
modern applications on a continuous basis in search of security flaws
and data privacy gaps. The core mission of Data Theorem is to analyze
and secure any modern application anytime, anywhere. Empowering
companies with secure code, such as TrustKit, allows companies to build
safer apps that protect data better. Data Theorem was founded in Palo
Alto, Calif., with international offices in Paris, France, and
Bangalore, India. For more information visit www.datatheorem.com.

Data Theorem and TrustKit are trademarks of Data Theorem, Inc. All other
trademarks are the property of their respective owners.

View Comments and Join the Discussion!