Enterprise iOS, Android apps can be outfitted with tighter security

Mocana will offer its "injectable" app security features for existing and new enterprise iOS apps as well as for Android. Developers don't need to access the source code or write new code to protect mobile apps.

Mocana's Mobile App Protection 2.0 automatically analyzes an app, and lets IT groups choose up to four key security policies to add to it: automatic data encryption, passphrase authentication, secure cut-copy-paste to prevent data being moved outside of the app, and a per-app VPN tunnel. MAP 1.0 was released for Android in November 2011; the 2.0 release now works with iOS apps.


"We assume the underlying device is corrupted and we assume that the enterprise does not have control over the device," says Adrian Turner, CEO for Mocana, based in San Francisco. The combination of the four protections reflects this: They can protect the data on the device, protect it in transit between the device and the enterprise, limit access to authorized users, and block users from moving the data into unsecured documents, storage, emails or IM sessions.

The Mocana server decompiles the app's binary image, and analyzes its structure, including the I/O and information flows. The company specifically targets custom iOS and Android apps developed by or for a given enterprise, according to Turner. Via a Web-based portal, an IT staffer selects from the available security features to add to the app, and the Mocana server generates and inserts the necessary code automatically.

"We have a [patent-pending] code analysis capability," Turner says. "We can decipher how the app works independent of the underlying logic. We focus on how the app interacts with the network, for example, abstracted from the application's business logic. Then, we can inject code into the right places where it doesn't affect the app."

For encryption, Mocana relies on FIPS 140-2 certified encryption and Suite B algorithms; its digital certificate/public key infrastructure combines standards-based and proprietary technology, optimized for mobile apps; and it can set up individual apps with a VPN client for secure communications with an array of VPN termination products.

Mocana's approach dramatically simplifies what otherwise is a major development burden. Typically, developers have to use a set of APIs, and make sure they implement security correctly for each app. An alternative approach is to sandbox the app and its components, but Turner argues this doesn't give developers fine-grained control over specific security features for an app.

A third alternative is to create a virtual machine on a device and run a separate OS for the enterprise mobile apps. "But the second OS is not secure just by being separate," says Turner.

By contrast, Mocana's server and injected code can add specific security features to each app. According to the vendor, four of the top five Android tablets license the company's technology.

Mocana's software is deployed in partnership with software vendors that sell enterprise app store and mobile device management (MDM) applications. An IT administrator creates the Mocana app security policies using the MDM console, then loads a completed enterprise app into the Mocana MAP server, along with the policy file. The server adds in the security features and the app is transferred to the corporate app store (or to Mocana's own App Catalog). There can be different versions of the same app, with different security policies depending on the user, their job function and so on. The apps are downloaded and installed as they usually are.

Mocana 2.0 is available now as part of an early adopter program. General release is scheduled for June 1. The software is available via enterprise app store vendors and mobile device management vendors, so pricing can vary. These vendors typically offer a yearly, per-device subscription that's heavily discounted at higher volumes, according to Turner.

John Cox covers wireless networking and mobile computing for Network World. Twitter: http://twitter.com/johnwcoxnww Email: [email protected] Blog RSS feed: http://www.networkworld.com/community/blog/2989/feed
