Gebäude TÜV Austria

Mobile app security through security framework: Build38 enters into distribution partnership with TÜV AUSTRIA subsidiary SPP

Mobile app security through security framework: Build38 enters into distribution partnership with TÜV AUSTRIA subsidiary SPP

Expansion of the partner network in the DACH region

Munich, February 23, 2021 – With the number of mobile applications growing every day, the topic of app security plays an important role worldwide. Attacks, in which cybercriminals gain access to apps via security vulnerabilities and thus obtain sensitive data, occur again and again. To solve this global problem and make apps secure, Build38 has developed a Software Development Kit (SDK) that includes a collection of essential security features. To make its SDK available to even more companies in the future, the solution provider is pursuing the expansion of its partner network. By cooperating with the reseller SPP, a wholly owned subsidiary of the TÜV AUSTRIA Group, Build38 is taking another important step in this direction.

Mobile applications on smartphones and tablets have become an indispensable part of everyday life. With the constant use of apps, it is important that they are completely secure so that hackers cannot gain access to it and manipulate it or be able to pick off data. Consequently, every app should be equipped with the necessary security features during development, which the framework from Build38 includes. This allows all Android and iOS apps to be secured from the ground up, so developers, operators and users no longer have to worry about potential cyberattacks.

Expansion of sales activities

Through the newly concluded partnership with TÜV AUSTRIA Group member SPP, Build38 is opening up a new sales channel in the DACH region. "We are pleased to have gained another experienced and well-positioned partner," says Dr. Christian Schläger, Managing Director at Build38. "TÜV AUSTRIA Group's international focus and wide range of authorizations give us the opportunity to offer our mobile app security solutions in additional markets with immediate effect. It is important to us to draw attention worldwide to the need for app security, which can be ensured easily and quickly with our SDK. SPP and TÜV AUSTRIA can provide us with excellent support in this regard."

"Mobile security, specifically secure app development, is an increasingly important topic in today's society and economy. Great damage can quickly arise here – both for the operator and the user – if the topic of security is not focused on at an early stage," says Andreas Koeberl, General Manager at SPP. "We have taken a close look at Build38's security framework and see high potential in it for a holistic security concept for apps."

Andreas Koeberl, General Manager SPP

Andreas Koeberl, General Manager SPP


Sicherheit für den Digital Car Key

Digital Car Key: Open the car safely with your smartphone

Digital Car Key: Open the car safely with your smartphone

The world is becoming more and more digital. An indispensable part of our daily life: smartphones and tablets. As a matter of course, we almost constantly use our mobile companions to google something, make contactless payments or switch on the light in the living room. The flood of apps that are added every day in the App or Google Play Store is almost endless. In the wide world of the stores, there are also mobile applications with which vehicles can be locked and unlocked via cell phone. Such digital key apps are extremely popular not only with many drivers, but especially with hackers. As a result, it is important to take appropriate measures right from the start of the app development to protect the practical digital car key from being accessed by third parties.

Due to the corona pandemic, businesses are increasingly calling for contactless payments. In the course of this, many have already switched to mobile payment and pull out their cell phone or smartwatch at the checkout to settle the bill. What we know from the financial sector has meanwhile also found its way into the automotive sector: the digital car key is enjoying increasing popularity. With the appropriate installed app, future-proof cars can easily be opened and closed again using a smartphone. This offers a pleasant comfort.

However, some automobile owners do not have trust in such modern technology as there is a lot of media coverage of vehicles that have been hacked remotely. To solve such concerns, it is essential that manufacturers adequately protect their digital key apps. This is the only way to guarantee customers security when using the technology. Maximum and sustainable protection should already play a central role in the planning and early implementation phase. Thereby, many of those responsible do not have on their radar that there are multi-layered security frameworks that make the work much easier.

Integrate framework – lock out hackers

A Software Development Kit (SDK) like our Trusted Application Kit (T.A.K) holds a collection of security features that every app needs. Developers of a mobile car key app can integrate the SDK without much effort and in a short time. This ensures that the secret keys in the mobile app are not accessible to unauthorized persons using cryptographic technology. Due to the secure storage of the keys in the smartphone, there is the additional advantage that no network signal is required to access the car. Even if it was parked in an underground garage where the connection is insufficient, the vehicle can be opened without any problems. Furthermore, the integration of our T.A.K allows several people to access the digital key without compromising security.

To ensure that hackers have no chance of accessing the mobile car key, the SDK is made available to developers and providers as a library with code obfuscation, which makes decryption much more difficult. In addition, the app protection uses a secure communication channel between the client and the cloud and provides each app, including the digital car key, with its own secure communication channel. The secure communication channel to the server prevents data traffic analysis (network sniffing). Therefore, the T.A.K should be integrated into the app at the beginning of the development so that it can respond directly to threats later during execution. The integrated Trusted Application Kit can, for example, detect whether the mobile car key is being executed on an original device or a rooted device. Beyond that, the digital car key can be declared inactive via the T.A.K cloud.

Advantages for the users

  • They can use the digital car key unhesitating and benefit from everyday convenience without worrying about the security risks.

Advantages for the automotive industry

  • The T.A.K increases the security of many operating system versions and thus achieves high market coverage/many customers.
  • They strengthen trust in the brand and the technology.
  • It is possible to satisfy the desire of many car owners for security when using such promising technologies.
  • The car owner’s belongings are protected.
  • There are lower costs to develop the technology in an all-around secure way.
  • The app can be launched more quickly because the kit integrates all the essential security aspects required for In-App Protection.
  • Reputational damage can be avoided.

Find out how it all works in practice in our case study with Chongqing Changan Automobile Company.