IBM® Trusteer® Mobile SDK provides a dedicated security library for Apple iOS and Google Android platforms. The library can be embedded in proprietary mobile banking and e-commerce applications to detect compromised and vulnerable devices and generate persistent device IDs.

IBM Trusteer Mobile SDK delivers:

  • High-risk access detection from compromised or vulnerable mobile devices
  • A persistent mobile device ID that is generated based on hardware and software attributes and is resilient to application reinstallation
  • Augmented certificate authority security to detect and block many kinds of man-in-the-middle attacks
  • Enhanced active protection for rooted mobile devices that helps prevent attacks by cybercriminals

High-risk access detection

  • Collects device risk factors when the mobile application is opened
  • Provides risk data to the mobile banking applications, which can be used to restrict functionality based on the device risk level
  • Offers the ability to limit specific application functions, such as adding a payee or transferring money on a rooted or jailbroken device
  • Provides the ability to correlate risk data with additional device and account risk factors, such as malware infections, to flag high-risk access and transactions
  • Identifies a wide range of data, including risk data (jailbreak/rooting, financial malware, operating system patching); device data (persistent device ID, WiFi connection, SIM data); account data (user ID) and encrypted bank data (session ID)

A persistent mobile device ID

  • Allows organizations to distinctly identify any device using the native mobile banking application
  • Is associated with the user account and identifies the device, even after the phone is reimaged
  • Helps verify that new devices are identified, login attempts from known devices are unchallenged and potential fraudster devices are flagged

Augmented certificate authority security

  • Provides Certificate Pinning, also known as SSL Pinning
  • Obtains the server certificate and checks it against the trusted validation data
  • Bundles the validation data with the application in the form of a trusted copy of that certificate
  • Delivers the validation data in a trusted hash or fingerprint of that certificate or the public key of the certificate

Enhanced active protection

  • Protects the Android rooting process that can provide attackers with additional privileges on the operating system, enabling different attack vectors
  • Allows detection of root evasion techniques on Android devices such as root hiders and active hiding techniques