Silicon Vault, by Build38, makes data storage on mobile devices more secure

Silicon Vault, by Build38, makes data storage on mobile devices more secure

Product update ensures improved control over sensitive data

With the Trusted Application Kit (T.A.K) Build38 has developed a software development kit (SDK) that protects mobile apps from all online threats. In order to adapt the T.A.K to new security requirements, the provider has now added Silicon Vault to its tool, which uses the hardware (HW)-backed storage capabilities of modern smartphones. This means that certificates, API keys, sensitive data and health information, among other things, can be stored on the mobile device even more securely than before.

Business and digital use cases are evolving at an ever-increasing pace these days, from eGovernment to healthcare to automotive use cases. This makes it all the more important to constantly adapt the mobile app security to the current requirements and the threat situation. Build38’s T.A.K already contains all the necessary security functions for mobile apps. This security framework can be integrated in under three minutes during app development.

With Silicon Vault, Build38 has supplemented the T.A.K with a new security feature that uses hardware-based symmetric and asymmetric cryptography on mobile devices. In this way, data storage can be effectively secured in the future. Other T.A.K features such as Secure Storage – which has been available for a long time – signature creation and TLS authentication also benefit from this increased level of security.

“With the extension of our solution, we are pushing the step towards further digital sovereignty for our customers and partners,” says Torsten Leibner, Head of Product Management at Build38. “The new feature enables us to provide maximum security for modern use cases when using mobile apps. Security-relevant information remains on the end device and is securely stored there.”

Torsten Leibner, Head of Product Management von Build38
Torsten Leibner, Head of Product Management, Build38

In-App Protection integrated fastly and easily

Integrate In-App Protection quickly and easily

Integrate In-App Protection quickly and easily

App security in three minutes

Things you can do in under ten minutes: get a coffee, read this blog text, develop secure apps … But wait – doesn’t it actually take several months and lots of money to make an app truly secure? We dispel this fallacy and show how In-App Protection can be incorporated into application development in under three minutes.

App security is still often neglected in the development phase. In most cases, developers lack the time and expertise to comprehensively develop and integrate the security layer. Many companies still focus first on the design and the fastest possible launch date.

At this point, a “low-cost” and quick market launch is still at odds with comprehensive In-App Protection, which is included in the development right from the start. So far, this was understandable in a certain extent, because it would take about 400 months of development (including the server side) to develop an app that is secure down to the smallest detail. If you now assume that a developer month costs around 10,000 euros, it is easy to calculate the costs a company can face here.

400 months vs. 3 minutes – not possible? You bet!

We have documented the fact that it is possible to make an app secure in just three minutes in an integration video of our Software Development Kit T.A.K:

  • Step 1:

Adding T.A.K to an Android Studio project.

  • Step 2:

Adding T.A.K as a dependency to the app module.

  • Step 3:

Initializing T.A.K and registering to the T.A.K Service

  • Step 4:

Retrieving device-specific data, such as T.A.K ID or client certificate.

  • Step 5:

Using the Secure Storage, which ensures highly secure storage of confidential, sensitive or personal data.

  • Step 6:

Using the File Protector to protect resources and assets during development. The information only needs to be decrypted when needed.

  • Step 7:

Assessing the runtime environment ensures that the app will run on a secure device.

  • Step 8:

Using the secure channel to prevent data interception, data leakage and to provide highly secure access to the server.

  • Step 9:

Releasing T.A.K.

This enormous time saving enables a developer to take care of what he is actually supposed to take care of: developing an app according to the customer’s requirements – in terms of functionality and design – and yet not neglecting security. At the same time, of course, this also gives him the scope to develop multiple apps in a short time.

Because what companies should always be aware of: Their apps are used by end users without them as the app operators still having control over them. It is therefore essential to secure applications against unauthorized modifications, data breaches and malware right from the development stage. Once an app has been compromised, cyber criminals can gain access to private data or, ultimately, into the company network via this gateway. With data loss, financial damage and damage to reputation, this can have negative consequences for the app operator in the short term, which can also have a long-term impact on the company’s success.

Insights from our CEO at EuroCIS Düsseldorf

First pictures from our CEO Dr. Christian Schläger and Head of Finance Tillmann Gmelin at EuroCIS in Düsseldorf, starting this morning. We took all the experiences from Tel Aviv with us to welcome Build38 guests with analytics and insights on app hardening  - and a fair amount of chocolate. Christian will be there for today, if you want to chat with our CEO, take the chance.