No-code platforms are a key tool for organizations to better secure their own mobile apps.
Mobile software is frighteningly insecure, warns Tom Tovar, CEO and co-creator of Appdome. This is not a tenable situation for mobile app publishers.
The company’s no-code software removes the costly and time-consuming in-house process of building in security and fraud protection. It provides a valid alternative to development organizations hiring outside programmers.
The power of no-code lies in its ability to shift roles from professional programmers to IT workers who can build an app or website. Such tools make it possible for IT to balance convenience and speed with the cost considerations entailed with outsourcing coding projects.
No-code technology enables non-developer users from different business teams such as HR, finance, and procurement to build custom apps without having to write a single line of code. IT workers and others within an organization can build their product by dragging and dropping components and making use of existing app templates.
That scenario is where Appdome comes into play. The company’s technology can be a game-changer for mobile app developers and publishers looking for a hands-on approach to secure Android and iOS mobile apps.
Most development organizations adopting DevOps already have highly automated processes in place. The only way to secure apps without delaying the release and increasing budgets is by automating that process too.
“It is simply too complex, cumbersome, and expensive to do so manually,” Tovar said.
Pivot to No-Code
Founded in 2012 as a mobile software security firm, Tovar joined the company four years later as CEO and co-creator of the Appdome platform. The company has offices in Redwood City, Calif., and Tel-Aviv, Israel.
Appdome is the heart of the company’s mobile app security solution, noted Tovar, who nudged the company towards a no-code solution for mobile app security and fraud prevention.
“The patented Appdome no-code platform employs artificial intelligence and machine learning to build security features into a mobile app binary. This provides all kinds of protections, including man-in-the-middle prevention, data encryption, code obfuscation, jailbreak and rooting prevention, fraud prevention, and more,” he told bluehillco.
Consumers Bemoan Lacking Security
Prominent on Appdome’s website is the “CISOs Meeting Consumer Expectations of Mobile App Security in 2021” report that covers responses from 10,000 mobile consumers in different countries and demographic audiences. It shows clearly that mobile consumers no long will settle for “security awareness,” assertions.
Consumers today have high expectations of security and malware prevention in every Android and iOS app. App makers who fail to comply risk churn and cancel culture in their mobile business.
Appdome sees its mission as protecting the mobile economy and mobile app users. The security firm does this with a no-code mobile security and fraud prevention platform. It puts the global mobile transformation and DevSecOps adoption in mobile development pipelines.
A large majority (73 percent) of all consumers would stop using a mobile app if it left them unprotected against attack, and 63 percent say security is as important or more important to them than (app) features, Tovar said of the survey’s results.
“Consumers expect that every app is to be secured equally, another major finding from the global mobile consumer survey,” he observed.
Insider’s View About Mobile Security
During our conversation I spoke further with Tovar about no-code technology, and the state of mobile app security and fraud prevention.
bluehillco: How is No-code technology changing the way enterprises develop and use apps?
Tom Tovar: No-code technology is making it much easier for mobile app developers to create secure apps. Most security implementation is still a highly manual process, and skilled security specialists are in high demand and hard to recruit.
It is even more difficult in the mobile app world because iOS and Android require significantly different approaches. A large number of development frameworks from which to choose exist. It is a very complex situation.
How does that impact the development of mobile apps?
Tovar: Security implementations can dramatically slow the delivery of the mobile app. In turn, this can significantly hurt revenue in such a highly competitive space, as well as increase costs.
What are typical use cases for no-code technology in mobile app security and fraud prevention?
Tovar: There are many! Banking apps, for instance, are notoriously insecure, even though they tap into a bank’s most sensitive back-end systems and provide access to customer accounts.
For example, a white-hat hacker who recently probed the security of 30 apps from a variety of large global financial institutions found that 99 percent of the mobile apps that researchers reverse-engineered contained hardcoded API keys and tokens such as usernames and passwords to third-party services.
Are banking apps an isolated example?
Tovar: No, Fintech relies heavily on mobile apps to deliver its services, and they absolutely must be secure. Health and wellness apps may not seem like they contain valuable information, but they do.
In fact, health records are far more valuable than credit cards on the black market because they contain personally identifying information useful for stealing identities and perpetrating fraud.
Why is Appdome’s software a benefit to DevOps and enterprise IT automation?
Tovar: Shift left in security — finding and preventing defects early in the software delivery process — is a key trend in 2022. Many of the CISOs and VPs of mobile engineering I talk to are looking to implement security earlier in the development cycle.
Our software automates the implementation of security and is fully compatible with the way developers build their apps today. DevOps teams can use the Appdome API to seamlessly integrate the process of building security features with existing build systems and CI/CD pipelines.
This allows DevOps teams to deliver true system-to-system reliability and scale for both their consumer as well as employee mobile apps.
What are the biggest challenges mobile app users face today, and how is Appdome addressing these issues?
Tovar: Consumers are not happy with the “buyer beware” state of mobile app security. They expect publishers to protect them. In fact, more than two-thirds (68 percent) said that publishers have an even higher duty to do so during a pandemic.
Unfortunately, unless a big breach gets big play in the press, there is really no way for consumers to differentiate between secure and insecure apps. So, they are stuck unless publishers find a way to consistently, quickly, and affordably ensure their apps are secure. Appdome provides the means to accomplish these goals.
How does Appdome’s software technology work?
Tovar: Appdome is a security build system that uses patented machine coding to build security features into Android and iOS applications. App makers do not need to make any changes to their mobile apps to build a secure version on Appdome.
The creation software requires no source code, no development experience, and no user data to operate. It also requires no modifications to the mobile applications, no SDKs (software development kits), or manual coding. As a machine, it can complete mobile application security projects with ease, usually in a few seconds.
Securing mobile apps is a simple three-step process. One, upload a mobile app binary (APK or AAB for Android, and IPA or bitcode for iOS) to the platform. Two, select the security features needed to complete the project. Three, click on the Build my App button.
Developers have the choice of using the Appdome console to do this work or build the desired security features to their mobile app using an API. They can incorporate Appdome into their existing DevOps processes with a few lines of code that will connect to our platform and secure the app.