Data Theorem Identifies more than 100M Eavesdropping Attempts on iOS and Android Applications through Growing TrustKit Community

New TrustKit Analytics Service adds Advanced Security Insights to Leading Open-Source Mobile App Security Solution for Protecting Modern Apps and User Data

Data Theorem's TrustKit has identified more than 100 million eavesdropping attempts on iOS and Android applications, where apps in active mode have blocked 100 percent of those attempts. TrustKit, with its growing community of thousands of application developers, is furthering anti-eavesdropping as a new standard in mobile application security. (Graphic: Business Wire)

PALO ALTO, Calif.--()--Data Theorem, Inc., a leading provider of modern application security, today announced the availability of TrustKit Analytics, a new service for the TrustKit community that delivers advanced security insights.

In addition, the company announced that since TrustKit’s release in 2015, it has identified more than 100 million eavesdropping attempts on iOS and Android applications, where apps in active mode have blocked 100 percent of those attempts. TrustKit, with its growing community of thousands of application developers, is furthering anti-eavesdropping as a new standard in mobile application security.

“Protecting the privacy of our users and their data strengthens our brand,” said Prasad Palkar, Vice President and General Manager, Security Products at Aruba, a Hewlett-Packard Enterprise company. “Whenever new technologies make it easier to do the right thing, then it’s important we adopt and acknowledge those capabilities. TrustKit and its open source community are an example of making encrypted communication better and easier for mobile applications.”

Leveraging SSL Pinning, TrustKit enables mobile apps to provide comprehensive protection for the transmission of data. While SSL pinning has existed as a concept, the TrustKit free open-source software development kit (SDK) is the industry’s first solution to significantly ease the equipping of mobile applications with SSL pinning, enabling them to encrypt all communications, actively stop eavesdropping and block SSL man-in-the-middle (MiTM) attacks. This helps ensure user privacy, maintain data integrity, stop unauthorized spyware, and block unknown attackers from stealing user identity.

“TrustKit’s rapid growth and adoption represent an inflection point for mobile application security that benefits the privacy of user communication,” said Alban Diquet, Data Theorem Head of Engineering and author of TrustKit. “We owe it to our community for their adoption and work with us, which has allowed our new analytics service to deliver unique security insights to help customers understand how their applications are being violated from a privacy standpoint. Through this effort with our community, customers can develop mobile applications to be more secure with mobile than their web browser equivalent applications.”

TrustKit Analytics is a new and free service for all TrustKit SDK users, delivering global visualization (geotagging) of the locations with the most eavesdropping attempts. The analytics service shows what percentage of eavesdropping attempts were actively blocked versus passively monitored, and whether the attempts came from end user device spyware, insecure public Wi-Fi, or corporate employer network monitoring. TrustKit Analytics also provides an easy path for customers to avoid irreversible downtime by setting up alerts to prevent malicious domain forging of SSL certificates and early detection of pinning misconfigurations. These alerts help customers avoid embarrassing mistakes and the loss of business due to avoidable downtime.

SSL pinning is a security capability that developers can leverage to prevent eavesdropping (MiTM) from occurring on data that transfers to and from their mobile apps by ensuring the client checks the server-side certificate against a known copy of that certificate. While the concept is well known, it has traditionally been difficult and time-consuming to implement, since it requires both significant operational and code-level changes. TrustKit facilitates code-level implementation to a matter of minutes by providing “drag and drop” SSL public key pinning. Whenever an eavesdropping attempt occurs, the TrustKit SDK within the application sends a notification report back to Data Theorem for the delivery of rich analytics, visualizations, and alerts of malicious attacks and potential downtime.

Download and Availability

Data Theorem’s TrustKit Analytics are now available free for all TrustKit open source developers and users. For more information, see: https://analytics.datatheorem.com/. To download the developer SDK, see: https://github.com/datatheorem/TrustKit/.

About Data Theorem

Data Theorem secures today’s popular applications. The technology scans modern applications on a continuous basis in search of security flaws and data privacy gaps. The core mission of Data Theorem is to analyze and secure any modern application anytime, anywhere. Empowering companies with secure code, such as TrustKit, allows companies to build safer apps that protect data better. Data Theorem was founded in Palo Alto, Calif., with international offices in Paris, France and Bangalore, India. For more information visit www.datatheorem.com.

Data Theorem and TrustKit are trademarks of Data Theorem, Inc. All other trademarks are the property of their respective owners.

Contacts

Data Theorem, Inc.
Dan Spalding, 408-960-9297
dan@datatheorem.com

Contacts

Data Theorem, Inc.
Dan Spalding, 408-960-9297
dan@datatheorem.com