Data Theorem Identifies more than 100M Eavesdropping Attempts on iOS and Android Apps

Palo Alto, Calif., June 28, 2018

Data Theorem, Inc., a leading provider of modern application security, today announced the availability of TrustKit Analytics, a new service for the TrustKit community that delivers advanced security insights.

Data Theorem’s TrustKit has identified more than 100 million eavesdropping attempts on iOS and Android applications, where apps in active mode have blocked 100 percent of those attempts.

In addition, the company announced that since TrustKit’s release in 2015, it has identified more than 100 million eavesdropping attempts on iOS and Android applications, where apps in active mode have blocked 100 percent of those attempts. TrustKit, with its growing community of thousands of application developers, is furthering anti-eavesdropping as a new standard in mobile application security.

“Protecting the privacy of our users and their data strengthens our brand,” said Prasad Palkar, Vice President and General Manager, Security Products at Aruba, a Hewlett-Packard Enterprise company. “Whenever new technologies make it easier to do the right thing, then it’s important we adopt and acknowledge those capabilities. TrustKit and its open source community are an example of making encrypted communication better and easier for mobile applications.”

Leveraging SSL Pinning, TrustKit enables mobile apps to provide comprehensive protection for the transmission of data. While SSL pinning has existed as a concept, the TrustKit free open-source software development kit (SDK) is the industry’s first solution to significantly ease the equipping of mobile applications with SSL pinning, enabling them to encrypt all communications, actively stop eavesdropping and block SSL man-in-the-middle (MiTM) attacks. This helps ensure user privacy, maintain data integrity, stop unauthorized spyware, and block unknown attackers from stealing user identity.

“TrustKit’s rapid growth and adoption represent an inflection point for mobile application security that benefits the privacy of user communication,” said Alban Diquet, Data Theorem Head of Engineering and author of TrustKit. “We owe it to our community for their adoption and work with us, which has allowed our new analytics service to deliver unique security insights to help customers understand how their applications are being violated from a privacy standpoint. Through this effort with our community, customers can develop mobile applications to be more secure with mobile than their web browser equivalent applications.”

TrustKit Analytics is a new and free service for all TrustKit SDK users, delivering global visualization (geotagging) of the locations with the most eavesdropping attempts. The analytics service shows what percentage of eavesdropping attempts were actively blocked versus passively monitored, and whether the attempts came from end user device spyware, insecure public Wi-Fi, or corporate employer network monitoring. TrustKit Analytics also provides an easy path for customers to avoid irreversible downtime by setting up alerts to prevent malicious domain forging of SSL certificates and early detection of pinning misconfigurations. These alerts help customers avoid embarrassing mistakes and the loss of business due to avoidable downtime.

SSL pinning is a security capability that developers can leverage to prevent eavesdropping (MiTM) from occurring on data that transfers to and from their mobile apps by ensuring the client checks the server-side certificate against a known copy of that certificate. While the concept is well known, it has traditionally been difficult and time-consuming to implement, since it requires both significant operational and code-level changes. TrustKit facilitates code-level implementation to a matter of minutes by providing “drag and drop” SSL public key pinning. Whenever an eavesdropping attempt occurs, the TrustKit SDK within the application sends a notification report back to Data Theorem for the delivery of rich analytics, visualizations, and alerts of malicious attacks and potential downtime.

Download and Availability

Data Theorem’s TrustKit is available free for open source developers and users. For more information, see: https://analytics.datatheorem.com. To download the developer SDK, see: https://github.com/datatheorem/TrustKit.

Media Contact

Dan Spalding
[email protected]
(408) 960-9297

About Data Theorem

Data Theorem is a leading provider of modern application security. Its core mission is to analyze and secure any modern application anytime, anywhere. The Data Theorem Analyzer Engine continuously scans APIs and mobile applications in search of security flaws and data privacy gaps. Data Theorem products help organizations build safer applications that maximize data security and brand protection. The company has detected more than 300 million application eavesdropping incidents and currently secures more than 4,000 modern applications for its Enterprise customers around the world.

Data Theorem is headquartered in Palo Alto, Calif., with offices in New York, Paris, France, and Bangalore, India. For more information visit https://www.datatheorem.com.

Top 6 Security Needs for APIs and Serverless Apps

On-Demand Webinar (36 min)

Securing APIs across Amazon Lambda, Google Cloud Functions and Azure Functions