Software security – Application Shielding

Source code and data are today’s crucial assets of an application. A layered security approach is the right way for preserving their integrity and confidentiality against attackers.

Do you need more information?

Download our product brochure 

Quarks AppShield in the Real World

Viaccess-Orca was looking for an organisation able to offer a high level of proximity and responsiveness to threats and this is what we have found with Quarkslab.

Our teams are now working closely together to obfuscate source code, protect encryption keys for our secure player as well as maintain the best ratio between performance and security.
 

Cédric Hardouin

Executive VP R&D, Viaccess-Orca

Reshaping the modern software security posture

In our modern environment, software is present in every aspect of our professional and personal life. As they are crucial in this aspect, applications also contain large amounts of personal, financial and medical data. The ever-growing rise of attacks has shown that building barriers around them is today no longer sufficient to safeguard applications. We must rethink the security approach for these endpoints and integrate protection measures from within, giving them the ability to defend themselves against attacks.

Quarks AppShield is built to this intent and provides a comprehensive set of in-app protection technologies for software running on mobile, desktop and embedded architectures. By layering several protection measures and counter-measures against a wide range of attacks, Quarks AppShield ensures that your applications, data, code and keys are safe.

Three components to protect code, data, and cryptographic keys

Quarks App Protect

Code & Data Protection

Deter attackers trying to reverse-engineer your application by applying several layers of software protection technologies.

Advanced obfuscation: with more than 30 possibilities of scrambling software blocks, functions and modules, the right security combination that works for your application while maximizing performances is at your reach.

Device Trust Assessment: by simply adding a few lines to your source code, your application will be able to defend itself against different types of static and dynamic analysis attempts.

Quarks Keys Protect

Cryptographic Key Protection

Concealing secret keys and unique identifiers from prying eyes is crucial, especially for applications running on untrusted environments.

Our white-box cryptography component hides cryptographic keys and operations in the application’s source code, preventing its recovery by attackers.

Quarks Digital Vault

Data Encryption and Secure Storage

Preventing data leaks and theft of sensitive data, such as Personal Identifiable Information (PII) can be done through encryption.
By combining hardware and software cryptography in a simple library, Quarks Digital Vault enables developers to encrypt sensitive application data easily.

Key Features

Quarks App Protect Quarks Keys Protect Quarks Digital Vault
Protection mode Static and dynamic Static and dynamic Persistent (on disk) keys & data
Protection layers

Code & Data obfuscation with more than 30 different passes available

Dynamic protections: anti-root, anti-jailbreak, anti-debug, anti-hooking, anti-dynamic analysis

Integrity checks / anti-tampering

Multi-level configuration: block, function, module

Automatic test & reporting on the applied protections

Symmetric encryption: AES128 with ECB/CBC/CTR modes

Asymmetric encryption: ElGamal on the NIST P-256 curve

Hash functions: SHA-1/SHA-256

Symmetric Authentication: AES-CMAC

Signature: ECDSA-SHA-256 on the NIST P-256 curve

Diversification per client or per device

Full control on the (re)generation of your whitebox

Device binded key/value database

Encryption and authentication of data

Only decrypt what you use

Rely on hardware security components if available (e.g. Android KeyStore)

Small code and memory footprint

Languages C/C++, Java, Kotlin (Beta) API
Security policy External YAML configuration or Pragma in the code API
Targeted Platforms Android, iOS, Linux, Windows, OS X, WebAssemblyAndroid, iOS, Linux, Windows, OS X Android, Linux
Supported Architectures ARM, ARM64,x86, x86_64
IDE integrations Apple XCode, Microsoft Visual Studio, & Google Android NDK
Sec/Dev/Ops (CI Integrations) Gitlab, Jenkins

Robust & proven Software Protection Tool (SPT)

Faster certification time for payment vendors

All Quarks AppShield components have been successfully certified under the stringent evaluation process for Software-Based Mobile Payment Solution, by a independant third-party lab.

Quarks AppShield is also the first product worldwide to have a white-box cryptography component certified under this evaluation process.

This certification guarantees a high level of security assurance as technologies evaluated under this process must showcase a high level of robustness, which is of importance for mobile payment applications, and can be further leveraged for other applications such as for the entertainment industry or protecting software Intellectual Property.

Ready to protect your most sensitive assets?

Reach out to our experts for a product demonstration

Related Resources

Securing Mobile Payment Applications

Securing Mobile Payment Applications

Payment systems are at the heart of the global economy. Over the past few decades, electronic payments have grown at a fast pace, supplanting traditional payment systems such as cheques and cash to become the current standard.  These systems have evolved over the...

read more
Cases studies – Viaccess Orca

Cases studies – Viaccess Orca

The streaming video market is estimated to reach 110 billion euros by 2024, with an average annual growth of almost 20%. Boosted by mobile devices, ever more powerful 4G and soon 5G connections, online video consumption is here to stay. Viaccess-Orca (VO) is one of...

read more
Infographic – Mobile Payment

Infographic – Mobile Payment

Discover in the infographics below how mobile payment works and what are the risks and threats  with the development of payments from mobile platforms.

read more