Mobile security

Citizen expectations for mobile security

The digitalization of public services and citizens' identity bring tremendous advantages but this step-change is accompanied by growing mobile security threats.

We recently analyzed 1,300 interviews conducted across Brazil, UK, South Africa, Singapore, the Netherlands and the U.S. and uncovered some interesting findings about citizens' expectations for mobile security. 

80% of end-users understand they can't have a total mobile experience without security and admit they would do much more online if they could trust their mobile app to be secure.  We can see a huge opportunity for governments who fulfill their citizens' expectations for mobile security: 

  • If they knew their app was secure, 70% of users would like to have digital identity documents (national ID, driver's license, passport) embarked on their smartphone
  • If they knew their app was secure, 36% would sign official documents or declarations online, using a mobile identity
  • If they could benefit from reliable mobile security, 66% admit they would perform more government to citizen transactions online

With Gemalto Mobile Security Core inside, Gemalto Mobile ID Smart App and Digital ID Wallet are protected from the most sophisticated and targeted malware, securing one of the most valuable government asset: citizen TRUST.

Mobile Security Core is our comprehensive in-house mobile application shielding that integrates all the best practices the company has built and implemented over the years in the digital world to secure our mobile apps and guarantee their data integrity.  With such robust security foundations, governments can take on smart city initiatives with peace of mind and trust us with their digital identity programs so they can be trusted by their citizens. 

Layered security

Mobile identity apps containing user identity credentials and private keys must be protected at all time. This is why Gemalto designed its Mobile Security Core to deliver best-in-class security and protect Gemalto Mobile ID Smart App and Gemalto Digital ID Wallet against threats and malware attacks, while fulfilling government's highest and stringent security requirements. 

To combat growing levels of sophistication from hackers, it is important to adopt a layered approach to security. Cyber-attackers are skilled at identifying points of weakness in the mobile ecosystem, so it is crucial to make it very difficult for them to attack each part of the app experience, using layers of security. 

Gemalto Mobile Security Core offers this layered approach and enables Gemalto Mobile ID Smart App and Gemalto Digital ID Wallet to become self-resilient and deal with the dynamic nature of malwares. The use of Gemalto Mobile Security Core gives the apps the much-needed ability to:

Defend themselves

>Integrity of the mobile app
>Sensitive assets

 

Detect

>Unsafe environments
>Attack attempts

 

React

>Stop execution
>Perform custom actions such as warning users or sending an alert to the identity provider's risk-management server

Mobile Software Security at Work, Key Pillars

Gemalto Mobile Security Core provides advanced and tailor-made security features based on key pillars: 

Runtime Application Self Protection (RASP)

It offers dynamic attack analysis and Operating System (Android and IOS) vulnerabilities detection to enable the app to detect unsecure environments and also hackers or malware trying to scrutinize applications at runtime and/or tamper their behavior. For maximum efficiency we use multiple detection techniques including jailbreak/root detection, anti-hooking, anti-emulator, anti-debug, anti-tampering, etc…

Root / Jailbreak detection

Find out how secure environment detection works, with mobile apps detecting Operating System (Android and IOS) vulnerabilities and reacting accordingly.
Watch the video

Obfuscation

Gemalto Mobile Security Core offers protection against static analysis (code hardening). It secures the application against cloning, piracy, tampering, key extraction and reverse engineering by applying state-of-the-art and intensive code obfuscation and encryption techniques to prevent the code logic and structure from being revealed in clear.
Watch the video

Data encryption

Data encryption protects sensitive data from being revealed in clear.
Watch the video

Secure storage

Gemalto secure storage uses multiple layers of encryption to protect its cryptographic keys and secure credentials which are stored within the mobile identity application itself.

Secure User Interface

Finally, Gemalto Mobile Security Core offers a secure keypad, which is a unique feature on the market. This secure PIN pad guarantees that PIN can't be subject to key loggers and greatly mitigates possibility to discover PIN in memory thanks to permanent encryption.
Watch the video

Mobile Security Expertise

Gemalto Mobile Security Core is the result of a clear and continuously innovative technology roadmap.  Our offering sets us apart from competition both in terms of security and flexibility as well as resilience and service availability.

Each of these secure components rely on Thales' unrivalled experience and are developed by a team of mobile security and cryptographic expert, audited by external independent experts to guarantee state of the art mobile software security:

  • World-class cryptographic expertise
  • Dedicated mobile security team in charge of security researches, ethical hacking and security component delivery
  • Architecture and developments validated with independent external mobile security expertise
  • Security architecture designed to easily incorporate additional protections
  • Regularly updated with new detection and all the latest security reinforcements
  • All cryptographic keys created, stored and encrypted for transit in backend are protected using market leading Thales SafeNet HSMs