Mobile App Security Should Be Different From PC App Security
2013.12.12
Recently, as the mobile application (app) business has become active in Korea, the attackers targeting it have also become more active. However, there are not many companies that have prepared countermeasures for this.
Earlier this year, an incident occurred where the popular domestic mobile game 'I Love Coffee' was copied as is. It was revealed that the illegal copy of I Love Coffee, 'Coffee Lover', was developed based on the source code of the original I Love Coffee hacked.
In addition, cases of hacking the payment module of a mobile game to illegally obtain game money have occurred countless times. The story that the game item sales exceeded 100 million won in just 6 hours after its release, but the actual amount received was less than 50 million won, is a famous anecdote in the mobile game industry.
Given this situation, mobile app security startups are appearing one by one. Lockin Company, which recently established a nest in Neowiz’s startup incubation program Neoply, is one of them.
On the 12th, Choi Myoung Kyu, CEO of Lockin Company (right in the photo), said, “Many domestic mobile app developers are complaining about damages due to copyright infringement or hacking. However, there is no proper way to fundamentally block such damages, so the damages are increasing.” He added, “Lockin is an integrated mobile app security startup established to solve the concerns of these developers.”
Before founding Lockin Company, CEO Choi worked at Neowiz Games’ game security team. He developed security software for online games serviced by Neowiz Games.
The reason he left Neowiz and founded Lockin is because of the ‘outdated state of mobile security.’
CEO Choi said, “Hacking technology that started on PCs has gradually become more advanced over time, and security technology has also developed along with it. However, the situation is different for mobile devices. Advanced hacking technology has been transferred to mobile devices, but mobile security technology is still in its infancy.”
CEO Choi explained that he founded Lockin to present a new security paradigm suitable for the mobile era.
Currently, mobile security is largely represented by vaccines, mobile device management (MDM), and obfuscation. CEO Choi explained that the purpose of mobile security cannot be achieved with vaccines and MDM alone.
He said, “Since the core function of vaccines and MDM is to protect the entire mobile device, the inspection wall cannot help but become thinner. This is because it is linked to the performance issues of mobile devices.” He also said, “Obfuscation is also very easy to decrypt with PC-era technology.”
The mobile security proposed by CEO Choi utilizes both vaccines and reverse engineering prevention. Vaccines detect and block memory hacking or hacking tools, while reverse engineering prevention prevents attackers from looking into the app source code.
LockIn developed a product called ‘LIMO (LockIn MObile)’ by combining the two. The biggest advantage of LIMO is its security policy that operates centered on the server.
Some hacking tools disable the security modules applied to the app. This cannot be resolved on the client side.
Son Chung-won, CTO (Director) (left in the photo), explained, “New hacking tools are the most difficult thing for developers to do when they evade the security modules applied to the app.” He added, “This problem can be solved if we give up the idea of detecting all hacking tools on the client. LIMO detects hacking tools on both the client and the server simultaneously, so it can prevent hacking tool bypass.” Another feature of Remo is that it is provided in the form of an API, so you can upload Remo with the developer's security module installed. CEO Choi explained, "Because it is operated centered on the server, the load on the client is reduced, and because it can be introduced in the form of an API, the security module is automatically updated without separate compilation."
