Securing apps on the most secure mobile platform: Metaforic hits BlackBerry 10
Metaforic has extended its app protection system to be compatible with the upcoming BlackBerry 10 operating system.
Metaforic, a UK-based security company originally funded by the Scottish government, has been around since 2006 and already makes products for Android and iOS. On Tuesday it announced it was adding BlackBerry 10 to the fold at the request of a large DRM customer, Douglas Kinloch, vice president of business development at Metaforic, told ZDNet.
Unlike other security or mobile device management (MDM) vendors, Metaforic's system doesn't aim to secure the platform as a whole or at specific points of vulnerability. Instead it secures the app itself as it is being built and 'immunises' it against attack from malicious software in various ways.
However, given that RIM's BlackBerry platform has always traditionally been regarded as one of the most secure, if not the most secure, mobile platform, what does Metaforic have to offer?
"It traditionally has been an extremely secure platform, we've all known that from government and enterprise users, and from everything we've seen we would expect that BlackBerry 10 will be just that," Kinloch said. "However, the applications that are going to be supplied through the various app stores may not necessarily use all the full capabilities of BlackBerry 10, or there may be something specific that our customers would like to add to the protection of the software.
"What we're hardening are the software applications themselves, regardless of what happens to that particular device," he added.
In order to do this, Metaforic uses a combination of approaches, including anti-tamper capabilities, an authenticator to ensure software is communicating with the intended recipient, and protection against attacks that use hardware breakpoints to interfere with software operations.
"It traditionally has been an extremely secure platform... and from everything we've seen we would expect that BlackBerry 10 will be just that" — Douglas Kinloch, Metaforic
"What we're doing is injecting security primitives, very small pieces of code, automatically into an application as a developer is building it. This works on any platform, from servers down to handheld games consoles, the principle is identical," Kinloch said. "These individual 'fragments' of software are interrelated and check 100 percent of the code that is being compiled, including pre-compiled areas, such as libraries, that some applications will be using as part of their overall process.
"If anybody tries to make a change to the application or tries to analyse, or identify and remove any of our security checks, they will not be able to do so without triggering a [defensive] response from our system."
While Kinloch conceded that the company could "do a little more" on the Android platform due to the more stringent app signing processes on the iOS and BlackBerry App World stores, he said that all versions were fully featured with no omissions on any platform. He also confirmed that the company was keeping its eyes open for new platforms to support in the future, including Linux-based ones.
"The challenge for open source is that many of the bad guys know the open source as much as the good guys," Kinloch said.