This trio found loopholes in 80% of the top apps they tested, founded Appknox
Appknox is an automated testing tool for application developers and enterprises to help them identify and fix security loopholes in their applications. They offer continuous-testing-as-a-service to developers by providing regular security audits for their applications and alerting them to new vulnerabilities as they arise. Headquartered in Singapore, Appknox was started in January 2014 by Harshit Agarwal, Subho Halder and Prateek Panda.
Subho has been working in the security space for over two years now, and the team started working on Appknox when they understood that security is taking a backseat in the application development lifecycle, leading to distressed consumers. Research published by Appknox has revealed that 80 percent of the top hundred apps in the major app stores have security vulnerabilities. Subho says, “The problem is that the mobile app coders tend to be feature-oriented and inexperienced at secure coding practices. The industry’s stance on security tends to be reactive, only paying attention when data theft occurs or a vulnerability is disclosed by a third-party hacker.” Security lapses lead to public backlash, massive and distracting cleanup jobs and loss of consumer confidence in mobile apps.
Every major brand is shifting its focus to mobile devices for delivery of its services and increasing its brand presence. A Gartner report predicts that by 2015, more than 75 percent of mobile applications will fail basic security tests. “We have found vulnerabilities in Facebook, Google, Microsoft, Skype, PayPal and many more, and are included in their hall of fame. Initially, we scanned the Top 100 grossing apps in the Android App Store and found out that over 80 percent of them were vulnerable. Since we had a base in Singapore and India, we reached out to the top apps here in India and Singapore and almost all of them got back to us,” says Subho.
There are many offline solutions to test mobile app security. However, most of these are manual scans that do penetration testing on demand, which is time-consuming and not cost-effective. Online solutions offer mobile app scans and produce reports for static and dynamic test cases, but may not be a practical solution for brands without big budgets.
Appknox provides an easy-to-use security auditing tool for both source code and application binary file analysis. It regularly and automatically scans mobile apps both before and after they are published, and alerts developers about vulnerabilities as and when they are identified. The team claims that Appknox is a self-learning system: a threat triggered by one app updates the system, and this benefits all other apps in the system. A continuous scoring system helps app developers maintain good coding practices, thus assuring a high quality of code. The scanner is smart enough to find all the threats and loopholes with only binary code, and updates any new threat within 48 hours.
Appknox is a part of Joyful Frog Digital Incubator in Singapore (JFDI Asia) and is currently a part of the Microsoft Ventures Accelerator in India. With the rise of mobile and apps, solutions like that of Appknox will certainly be of interest to many.