Why RASP?

Industry statistics show that a high percentage of smartphones apps including mobile financial and banking apps run on untrusted devices, i.e. devices that the app owners have no security control over.

The factors responsible for this include:

• proliferation of malware-infected apps, including some apps downloaded from trusted app stores
• Inconsistent patching and OS versioning make it hard to ensure a consistent security baseline
• Unlike desktops, most mobile devices do not run robust antivirus or endpoint detection tools

In addition to protection from threats by external actors, RASP mitigates other risks in mobile apps including security holes that may have been inadvertently introduced during development, and other programming security compromises.

Lastly while both Android and iOS platforms provide some security tools to address these threats, they do not address user errors (e.g. downloading malware-infected apps) or security vulnerability that may have been inadvertently introduced during software development, nor the time window between when a vulnerability is discovered on a mobile platform and when patch fixes are released and eventually applied by end-users (zero-day attacks). With this in mind, users running outdated versions of an OS provide ample opportunities for attackers to succeed.

RASP enables banks and financial institutions to protect their mobile banking channels from untrusted or compromised mobile devices, by creating a real-time, security ‘ring-fence’ around banking apps.

Product Highlight

• Proactively shields applications from malware
• Prevents real-time attacks
• Protects integrity of mobile apps to ensure data and transactions are not compromised in untrusted and unknown devices
• Maintains mobile app run-time integrity even if a user inadvertently downloads a malware into their device
• RASP does not require special permissions on device
• User Experience (UX) is unchanged