[TECH] MOBILE APP ANTI-TAMPERING SOLUTION – TAMPERING
Hello. This is TEAM LIAPP.
This post will be discussing ‘Application Tampering’ that frequently occurs in various apps and which requires strong attention by Financial Supervisory Service.
Tampering refers to app counterfeiting and modulation, or to illegally changing mobile Apps and ‘Anti-tamper’ describes the technology that attempts to protect against those attacks.
Tampering includes any unauthorized alteration of a normal App by a hacker.
Currently, the main purpose of tampering can be broadly categorized by two parts:Firstly,
hackers pursue financial or non-monetary benefits by stealing the original technology as well as sales information that the app possesses or by illegally reselling or using unauthorized content of additional services.
hackers pursue financial or non-monetary benefits by stealing the original technology as well as sales information that the app possesses or by illegally reselling or using unauthorized content of additional services.
Secondly,
the apps you tamper with will be distributed under the guise of being the official apps, thereby taking away user’s information and making illegal financial or non-monetary profits.
Furthermore, hackers tend to build their own business models by allowing the app users to acquire paid content without permission and providing the falsified app to users whom in need by receiving certain amount of money.
Here are some real cases of actual damage caused by tampering attacks.1. Illegal capturing of personal information of service users through app tamperingA) Installation of a falsified app using black market distribution or malicious code in order to steal personal information.2. Extortion of money and important goods of service users through app modulationA) Use of forged app to extort points and sensitive contents held by service users.3. Extortion and change of critical information for services through app modulationA) Adjustment of the level of game characters’ ability
B) Modulation of proxy apps to intercept calls that do not meet one's requirements
C) Modulation of apps to steal company source technology and critical sales information
D) Release of source technology of services or important events by a competitor4. Falsification of app in order to convert in-app ads into those of hackers’
the reliability of the service can be decisively blown if user's personal information being stolen from the service. Of course, these falsified apps are not available in the official app store, so they are being distributed through private stores, private web pages or malicious code called a black market.
the reliability of the service can be decisively blown if user's personal information being stolen from the service. Of course, these falsified apps are not available in the official app store, so they are being distributed through private stores, private web pages or malicious code called a black market.
Case two,
usually appears in game money, game items, gift certificates, and financial apps, and can be a major impact on services as financial damage is immediately apparent.
(We didn't provide further explanation as many of you are already familiar with the cases.)
the reliability of the service can be decisively blown if user's personal information being stolen from the service. Of course, these falsified apps are not available in the official app store, so they are being distributed through private stores, private web pages or malicious code called a black market.
Case two,
usually appears in game money, game items, gift certificates, and financial apps, and can be a major impact on services as financial damage is immediately apparent.
(We didn't provide further explanation as many of you are already familiar with the cases.)
Case three
can lead to destruction of balance of the service or gain of illegal benefits.
For example, hackers improve the level of capability in games, illegally acquire property in games through automatic entry, and intercept calls from proxy driving apps. A vivid instance of app tampering is shown when numerous special offers become available at a lower price in the rival companies as soon as a special promotion of hotel reservation starts can also be an instance of app tampering.
can lead to destruction of balance of the service or gain of illegal benefits.
For example, hackers improve the level of capability in games, illegally acquire property in games through automatic entry, and intercept calls from proxy driving apps. A vivid instance of app tampering is shown when numerous special offers become available at a lower price in the rival companies as soon as a special promotion of hotel reservation starts can also be an instance of app tampering.
Case four
is an example of hacking that is usually found in free apps, where overseas hackers connect the ads to their own advertising accounts to steal one of the main revenue from app services, advertising revenue. Such incidents can also deal a direct financial blow to service companies.
is an example of hacking that is usually found in free apps, where overseas hackers connect the ads to their own advertising accounts to steal one of the main revenue from app services, advertising revenue. Such incidents can also deal a direct financial blow to service companies.
In order to prevent such phenomenon, Republic of Korea has begun to introduce mobile security solution in the financial and public sectors since 2010.
Anti-tampering solutions are primarily aimed at determining whether a completed app is tampered. Traditional anti-tampering technology has often prevented tampering by determining the status of the signing applied to the app or entering a specific value in the package file. However, current hacking techniques can easily bypassed this vulnerable way. If JAVA has a logic that determines app tampering, it can easily bypass tampering detection by modifying the logics.
Today's advanced hacking techniques make it easy to bypass the old-fashioned, vulnerable tampering detection technology.
Therefore, if the current JAVA requires Native code technology, which is more difficult to analyze or tamper with, and if a threat to modify the code by increasing bypass difficulty is detected, then two to three defense technologies must be implemented to prevent the app from operating normally and thus prevent regret.
Using a combination of two to three defense technologies, including modified code to increase bypass difficulty or to prevent the app from operating normally can effectively block tampering attacks.
In addition, because most of these tamper-proof technologies remember and examine the current state of completed packaging,
they often do not support situations where apps are changed by the system at the time of app store deployment as like Google app signing.
Therefore, when choosing anti-tampering solutions and technologies, it's important to select a solution that is technologically advanced and flexible enough to respond to any situation.
Next post will be discussing anti-tampering techniques.
