This problem should get worse before it gets better. Mobile application sales are predicted to reach $77 billion by 2017. This will cause the problem of counterfeit or pirated apps to increase and it affects both developers, their brands and the users that download them. Who wouldn't like a piece of the $50,000 that Flappy Bird game was making out of in-app advertising and sales?
Web Application Tampering is also becoming increasingly prevalent. Attackers first try to control the device, by infecting it with malware or by tricking the user to install some browser plugin. They then tamper with the client-side directly by injecting malicious code. The goal is to capture and exfiltrate sensitive data as user credentials or credit card information, steal money, change the appearance of the app or trick the user into unwanted actions. The banking sector has been particularly affected with tens of millions of dollars stolen from users bank accounts.
But companies from all sectors (e-commerce, media, among others) are risking having their platforms changed and the experience of their users tampered with, with consequences to their business and reputation. Malware sometimes also install malicious ads that are shown when you visit specific websites. But tampering is not only performed by malware, and it's not always involuntary. Users are installing browser plugins to have price comparisons injected into e-commerce websites. It can get them better deals, but from those e-commerce websites' perspective, it's stealing a significant percentage of their customer web traffic.
According to the company, the new level of resilience comes from stopping attackers from automating attacks to the code by making Jscrambler's code transformations more polymorphic - which basically means the protection engine will produce very distinct obfuscated versions with each build - and by introducing new cutting-edge features to further conceal any sensitive logic and data contained in the code. As reported by Jscrambler, a switch to a more app-centric platform was also a goal for this version. They claim developers can now easily manage the protection of their apps within Jscrambler.
A new interface is able to provide almost instant preview of the resulting protected code as options are selected, making it easier to understand the individual effect of each applied transformation. "The choice of transformations and where they are applied has gotten also simpler and straightforward. You can pick each target you want to transform, be it strings, classes, functions and see the effects on your code in real-time. Easily creating your app, swiftly managing its different versions, effectively protecting it and deploying it - those were our goals and we guarantee security professionals and developers will enjoy the experience", concluded Pedro Fortuna.