NetAdmin Interview – Providing Mobile Apps with an IT Security Force Field

2016/11/11

Digicentre started out as the information technology and security department of the Gamania Group. It is arguably one of the very few IT companies to be composed of white hat hackers spun off by the company that cultivated them. Apart from having a Class 2 telecommunications license that enables them to provide IDC services, the company draws on more than a decade of real-world experience in the game industry combating black hat hackers to provide IT security inspection services. These include penetration testing, source code review, and social engineering e-mail testing.

Over ten years ago, when most companies’ understanding of IT security went only as far as anti-virus software, Gamania had already set up an information security division and had its own IT security team. Wei-ming Ting, the general manager of Digicentre, who was already on the team at the time, recalls: “At the time, Gamania was basically the place where black hat hackers were cutting their teeth and making their money. Since then, the IT security division spent a lot of time on internal employee education, from corporate culture to continuing education and training. We are proud to say that sensitivity to IT security is now second nature to all employees.”

No matter how much effort a business invests into IT security, even the most advanced equipment will be vulnerable to external threats if employees lack IT security awareness. After all, if an employee clicks on a malicious e-mail during a momentary lapse of attention, this may result in a successful penetration. The game industry has accumulated a great deal of real-world experience with combating different penetration attacks after long exposure to external IT security threats. This is why Digicentre now provides IT security services as well. Even if it does not encompass all industry-specific attack techniques, Digicentre can still help customers greatly reduce their risks.


App inspection and testing, a service that has gained traction in Taiwan over the last two years, is also one of the Digicentre technical team’s key strengths. Ting explained that developers with an understanding of IT security are still relatively rare. That’s why the IT security division usually became involved during the initial phase of game architecture design to help the development team examine potential risks on every layer. The appGuard service launched for the Android platform last year was the result of experience from app development. Digicentre discovered that players could easily use existing technology to acquire the APK file and decompile it into source code. The app protection measures that Digicentre developed were initially intended for the game industry’s own use. The company recently discovered that banks and other industries have become more conscious of the need for app security as well. The result is the appGuard service, which enables businesses to secure their apps with anti-decompiling protection, anti-tampering protection, protection against dynamic memory modification, and data encryption mechanisms without having to provide the actual source code.

The appGuard service is delivered through a portal website: the client logs in and uploads their APK, and the system then automatically applies protective measures to it. When done, the app is ready for download and use. For APKs with more complicated functions, a custom implementation is needed. Here, the R&D team first studies the app’s functions then develops the appropriate protective measures. Even the best protection may be cracked by brute force. If an app protected by appGuard does get cracked, Digicentre will adjust its protective measures until it can’t be broken by hackers.

 

 

  

▲Wei-ming Ting, the general manager of Digicentre, notes that most app developers focus only on satisfying functional requirements and ignore security issues. In future contracts, businesses or organizations can require the implementation of basic security measures to ensure sound IT security in their apps.

  
