Appdome is on a mission to protect every mobile app in the world and the people who use mobile apps in their lives and at work. Appdome provides the mobile industry’s only mobile application Cyber Defense Automation platform, powered by a patented artificial-intelligence based coding engine, Threat-Events™ Threat-Aware UX/UI Control and ThreatScope™ Mobile XDR. Alan Bavosa is the VP, Security Products at Appdome.
“My mission is to make it easy for mobile developers and cyber-security teams to build comprehensive mobile app security into Android and iOS apps using automation to protect both their businesses as well as their consumers from all sorts of cyber-threats,” he said. “This is why Appdome built the world’s first and only Cyber Defense Automation platform designed for developers to deliver any combination of 100’s of protections and threat intelligence into Android & iOS apps – in all sectors including healthcare – without changing any of the tools they use to build apps today. I’ve always had a passion for the constantly evolving world of technology and find being part of these changes and developments through Appdome truly exciting.”
Here he tells us about data security in digital healthcare and the cybersecurity risks in medical health apps.
Hello Alan, Appdome was founded in 2012 – how has data security changed since then?
“In the past, data security was focused on large organisations and companies that needed to protect their data from breaches or theft. Organisations would build a perimeter defence at the network edge only to allow access to authorised personnel. The attack surface was much smaller, and the nature of threats was less complex and a known entity. The world of cybersecurity is much different now, as the attack surface has expanded, threats have become much more sophisticated and complex to detect and defend and the nature of the adversary is increasingly more organised and highly motivated. They use automation and AI to speed and scale attacks with ease and precision. Additionally, there’s more regulatory scrutiny, especially in industries such as healthcare and finance. This necessitates a more different approach to protecting mobile users, apps and data.”
Tell us about the cybersecurity risk in medical health apps.
“Mobile apps are now the dominant way consumers interact with brands, making them an increasing target for attackers seeking personal data, financial information and more. As the popularity of medical health apps rises – thanks to the practicality they offer especially in a remote world – so too do the cyber threats. mHealth mobile apps, like any other digital platforms, are vulnerable to a myriad of cybersecurity threats particularly because they deal with vast amounts of highly valuable data that cybercriminals can capitalise on in many ways, and many mHealth apps lack basic protections against cyber-threats.
“We all carry around our lives in our pockets and most mobile applications have woefully inadequate protection because it’s so difficult to achieve given the traditional tools in the market. Now, the average consumer is being targeted and threatened through the channels they use most – mobile.
“One of the key security threats that mobile consumers rank as one of their top fears in using mobile apps is fraud, synthetic fraud in particular. In fact, fraud is the biggest fear on the minds of British mobile app users, according to a recent survey of mobile app users worldwide. Another key threat is related to data harvesting/theft/breaches - unauthorised access to sensitive user information, such as personal health records, can occur if the app's security measures are inadequate. If data is not encrypted or stored improperly it can be accessed or manipulated by unauthorised parties. Then there’s malware and trojans, fake apps, spyware, as well as keyloggers, overlay attacks, accessibility service abuse via malware, as well as permission abuse and weaponization of the mobile app via a wide variety of methods.
“Another growing threat to mHealth apps is malicious bots, which target insecure backend APIs. Malicious bots are created to engage in fraud, data harvesting, financial theft and countless other malicious actions. Particularly significant is the fact that malicious bots are becoming increasingly sophisticated and harder to detect, often mimicking human behaviour or abusing legitimate mobile app activities and workflows, making it challenging for conventional security measures to distinguish them from legitimate traffic or users. As bad bots continue to evolve and adapt, it has become imperative for organisations to implement mobile-specific advanced bot defence solutions.
“Automation and AI have become instrumental tools for cybercriminals, allowing them to scale their operations and execute attacks with unprecedented efficiency and speed.
“Something as simple as a patient taking a photo to upload to their app can leave a trace on their camera app, which makes the device and data open to malware. Malware is a huge issue, especially if an operating system is compromised. Through jailbreaking or rooting a device, an attacker can harness control over the device, including all apps and files. In the case of mHealth apps, hackers use these techniques to target vulnerable apps and steal valuable patient data that hasn’t been protected properly. Without the right protection, the provider of the app may never know the breach is taking place, leaving them powerless to stop it. While these techniques are more sophisticated, they are becoming increasingly common and it is worrying to see how apps set up for our physical and mental health could be used to steal data.”
How are you changing this dynamic?
“To protect apps, brands and mobile users, manual coding of cyber security is no longer a viable option, as security and dev teams simply cannot keep up with the rapid pace at which the threat landscape is evolving. App makers need to respond in kind to counter the escalating threat of cybercrime in mobile. The implementation of automated, AI-assisted no-code techniques is imperative for cyber teams to level the playing field and keep their apps, data and customers secure.
“No-code techniques, empowered by AI, enable a dynamic defence, capable of adapting to evolving attack strategies. By automating the implementation of mobile app protection, coupled with real-time threat detection and automated response, mobile developers and brands can stay ahead of the advanced threats to keep their mobile users safe. They afford a rapid, adaptable defence against cyber threats, ensuring the integrity and confidentiality of sensitive information in the face of relentless criminal endeavours.
“Additionally, the solution needs to be capable of detecting and defending against the thousands of threat vectors unique to mobile apps. This requires real-time threat and attack intelligence collected at the source from inside the mobile app. By doing so, organisations can take advantage of real-time threat intelligence as threats and attacks occur across all channels and enable the use of that threat information to build and deliver new security, anti-fraud and anti-malware protections into Android & iOS applications as part of the DevOps pipeline, all in a way that does not derail the mobile development team.”
How is your cybersecurity automation defence platform working to defend medical health apps?
“Appdome is making medical health app protection easy on DevOps teams by empowering them to build, test, release and monitor mobile app protections using our no-code Cyber Defense Automation platform from within the CI/CD pipeline to defend against hacking, reverse engineering, mobile fraud, malware, malicious bots and ransomware as well as other emerging threats that target mHealth apps. Appdome also helps mHealth app providers safeguard user and health data as well as comply with health industry regulations such as HIPAA, for example by encrypting all data inside mHealth apps and protecting data in transit and in memory. Some other basic security requirements most of our mHealth customers use are code obfuscation, root and jailbreak detection/prevention, anti-tampering, anti-debugging and protection against other dynamic attacks.
“At Appdome, we are working with healthcare providers, including the likes of Prime Healthcare, to ensure their apps are safe for use by both staff and clients. We do this in several ways. Firstly, we ensure our customers are fully protected against all the OWASP Mobile Top 10 Risks as standard, while also aligning protections to the privacy regulations of different regions. At the same time, we tailor the support we provide to the specific vulnerabilities each consumer app is facing, be this through encrypting data, shielding apps or changing code. We have also introduced several components to prevent fraud before it starts.”
Tell us about your plans for the next 12 months.
“We have several exciting plans in the pipeline, including more partnerships with leading DevOps platform providers, enhancements to Appdome’s ThreatScope mobile threat intelligence platform, and continuing to foster the Pen Tester Community for a more secure mobile app economy. We love providing services that make people and businesses feel safer and more confident and our advancements deliver this. It’s been exciting to be part of this journey for as long as I have been, and I look forward to continuing it.”