Monday, 27 April 2015

Apperyio launches a new unique Security plug-in for its 200,000 app developers, a leading app making platform with over 200,000 developers, has just launched a unique type of Security for apps that are built on its platform. In a partnership with MetaCert, the Security API is offered as a plug-in, making it easy for developers to protect end-users from phishing attacks.

In 2014, Symantec observed that 70 percent of social media scams were manually shared. These scams spread rapidly and are lucrative for cybercriminals because people are more likely to click something posted by a friend. Mobile was also ripe for attack, as many people only associate cyber threats with their PCs and neglect even basic security precautions on their smartphones. In 2014, Symantec found that 17 percent of all Android apps (nearly one million total) were actually malware in disguise.

While desktop browsers offer protection against phishing attacks by warning end-users of a potential threat, there is zero protection inside millions of apps that have browser-like capability. In order to display web content inside an app so users don't have to close the app to open a browser, developers use what's called a ‘WebView’. And to build hybrid apps that work across all mobile operating systems, developers must also use a WebView.

The lack of security inside apps with a WebView makes it easy for cybercriminals to make an attack on unsuspecting end-users. Even legitimate enterprise apps put end-users at risk. The spoofed websites are setup to either steal your personal credentials as soon as you type them, or worse, install malware, spyware or ransomware in the background and without your knowledge. Most apps don’t display the URL of websites, making phishing attacks on mobile even easier for attackers.

The MetaCert Security API is the first of its kind to address phishing attacks from inside the app. Developers can also use the Security API to block websites that are labeled as NSFW, helping companies to enforce content compliance policies.

To end-users, the added layer of protection is seamless. Apps with the Security plug-in check the reputation of web links in real time, providing an invisibly secure experience by blocking malicious links from loading inside the app.

If you look at the screen shots below  , you will find a good example of a malicious link inside an app. As you can see, it looks like a legitimate WhatsApp page being shared. In fact, this is a live phishing scam with the aim of stealing your login credentials. Even if you open the link inside a mobile browser you will facebook whatsappbe brought straight to the site without any warning. While desktop browsers offer protection against this type of attack, their mobile counterparts reason, offer no protection whatsoever.

None of the legacy companies are addressing this problem on the app-layer. And Google only announced their Safe Browser API for apps two weeks ago. Companies such as McAfee, Symantec, Cisco Security, Dell Security, Palo Alto Networks, Kaspersky and others, offer anti-virus apps and network-based filtering solutions. Network filtering and anti-virus apps are both unable to detect malicious URLs inside apps.

We're excited to be collaborating with MetaCert" said Max Katz, Head of Developer Relations for  "With our integration of the MetaCert Security API our joint developer community can rapidly build responsive web and mobile apps with the peace of mind that they are protected against malware and phishing attacks that can take place inside legitimate apps. They can also block NSFW content from being shared or used in their apps”.

App publishers want added protection for their end-users.

According to Irish Founder & CEO Paul Walsh, “the numbers speak for themselves - app developers want added security for their end-users. 44% of all apps published on last month subscribed to at least one of MetaCert’s Security services - of those, 87% subscribed to both. I believe enterprise app developers will be more likely to offer better protection to their customers now that it’s possible with a simple Security API.” 

Walsh goes on to say that “the Security API is extremely simple to integrate, taking platforms just a few hours to get up and running and minutes for a developer to add security to an app.

MetaCert offers developers 150 free API calls every month without any need for a contract. This helps developers to see the value of the service before paying for it.

MetaCert is prominent on the Apperyio plugin page here:
And here’s the actual plugin tutorial with lots of screen shots: