Quarks AppShield in the Real World
Executive VP R&D, Viaccess-Orca
Reshaping the modern software security posture
In our modern environment, software is present in every aspect of our professional and personal life. As they are crucial in this aspect, applications also contain large amounts of personal, financial and medical data. The ever-growing rise of attacks has shown that building barriers around them is today no longer sufficient to safeguard applications. We must rethink the security approach for these endpoints and integrate protection measures from within, giving them the ability to defend themselves against attacks.
Quarks AppShield is built to this intent and provides a comprehensive set of in-app protection technologies for software running on mobile, desktop and embedded architectures. By layering several protection measures and counter-measures against a wide range of attacks, Quarks AppShield ensures that your applications, data, code and keys are safe.
Three components to protect code, data, and cryptographic keys
Quarks App Protect
Code & Data Protection
Deter attackers trying to reverse-engineer your application by applying several layers of software protection technologies.
Advanced obfuscation: with more than 30 possibilities of scrambling software blocks, functions and modules, the right security combination that works for your application while maximizing performances is at your reach.
Device Trust Assessment: by simply adding a few lines to your source code, your application will be able to defend itself against different types of static and dynamic analysis attempts.
Quarks Keys Protect
Cryptographic Key Protection
Concealing secret keys and unique identifiers from prying eyes is crucial, especially for applications running on untrusted environments.
Our white-box cryptography component hides cryptographic keys and operations in the application’s source code, preventing its recovery by attackers.
Quarks Digital Vault
Data Encryption and Secure Storage
Preventing data leaks and theft of sensitive data, such as Personal Identifiable Information (PII) can be done through encryption.
By combining hardware and software cryptography in a simple library, Quarks Digital Vault enables developers to encrypt sensitive application data easily.
|Quarks App Protect||Quarks Keys Protect||Quarks Digital Vault|
|Protection mode||Static and dynamic||Static and dynamic||Persistent (on disk) keys & data|
Code & Data obfuscation with more than 30 different passes available
Dynamic protections: anti-root, anti-jailbreak, anti-debug, anti-hooking, anti-dynamic analysis
Integrity checks / anti-tampering
Multi-level configuration: block, function, module
Automatic test & reporting on the applied protections
Symmetric encryption: AES128 with ECB/CBC/CTR modes
Asymmetric encryption: ElGamal on the NIST P-256 curve
Hash functions: SHA-1/SHA-256
Symmetric Authentication: AES-CMAC
Signature: ECDSA-SHA-256 on the NIST P-256 curve
Diversification per client or per device
Full control on the (re)generation of your whitebox
Device binded key/value database
Encryption and authentication of data
Only decrypt what you use
Rely on hardware security components if available (e.g. Android KeyStore)
Small code and memory footprint
|Languages||C/C++, Java, Kotlin (Beta)||API|
|Security policy||External YAML configuration or Pragma in the code||API|
|Targeted Platforms||Android, iOS, Linux, Windows, OS X, WebAssembly||Android, iOS, Linux, Windows, OS X||Android, Linux|
|Supported Architectures||ARM, ARM64,x86, x86_64|
|IDE integrations||Apple XCode, Microsoft Visual Studio, & Google Android NDK|
|Sec/Dev/Ops (CI Integrations)||Gitlab, Jenkins|
Robust & proven Software Protection Tool (SPT)
Faster certification time for payment vendors
All Quarks AppShield components have been successfully certified under the stringent evaluation process for Software-Based Mobile Payment Solution, by a independant third-party lab.
Quarks AppShield is also the first product worldwide to have a white-box cryptography component certified under this evaluation process.
This certification guarantees a high level of security assurance as technologies evaluated under this process must showcase a high level of robustness, which is of importance for mobile payment applications, and can be further leveraged for other applications such as for the entertainment industry or protecting software Intellectual Property.
Ready to protect your most sensitive assets?
Reach out to our experts for a product demonstration
Payment systems are at the heart of the global economy. Over the past few decades, electronic payments have grown at a fast pace, supplanting traditional payment systems such as cheques and cash to become the current standard. These systems have evolved over the...
The streaming video market is estimated to reach 110 billion euros by 2024, with an average annual growth of almost 20%. Boosted by mobile devices, ever more powerful 4G and soon 5G connections, online video consumption is here to stay. Viaccess-Orca (VO) is one of...
Discover in the infographics below how mobile payment works and what are the risks and threats with the development of payments from mobile platforms.