IBM® Security Trusteer® Mobile SDK provides a dedicated security library for Apple iOS and Google Android platforms. The library can be embedded in proprietary mobile banking and e-commerce applications to detect compromised and vulnerable devices and generate persistent device IDs.

IBM Security Trusteer Mobile SDK provides:

  • High-risk access detection from compromised or vulnerable mobile devices.
  • A persistent mobile device ID that is generated based on hardware and software attributes and is resilient to application reinstallation.
  • Augmented certificate authority security to detect and block many kinds of man-in-the-middle attacks.
  • Enhanced active protection for rooted mobile devices that helps prevent attacks by cybercriminals.

High-risk access detection

  • Collects device risk factors when the mobile application is opened.
  • Provides risk data to the mobile banking applications, which can be used to restrict functionality based on the device risk level.
  • Offers the ability to limit specific application functions, such as adding a payee or transferring money on a rooted or jailbroken device.
  • Provides the ability to correlate risk data with additional device and account risk factors, such as malware infections, to flag high-risk access and transactions.
  • Identifies a wide range of data, including risk data (jailbreak/rooting, financial malware, operating system patching); device data (persistent device ID, WiFi connection, SIM data); account data (user ID) and encrypted bank data (session ID).

A persistent mobile device ID

  • Allows organizations to distinctly identify any device using the native mobile banking application.
  • Is associated with the user account and identifies the device, even after the phone is reimaged.
  • Helps verify that new devices are identified, login attempts from known devices are unchallenged and potential fraudster devices are flagged.

Augmented certificate authority security

  • Provides Certificate Pinning, also known as SSL Pinning.
  • Obtains the server certificate and checks it against the trusted validation data.
  • Bundles the validation data with the application in the form of a trusted copy of that certificate.
  • Delivers the validation data in a trusted hash or fingerprint of that certificate or the public key of the certificate.

Enhanced active protection

  • Protects the Android rooting process that can provide attackers with additional privileges on the operating system, enabling different attack vectors.
  • Allows detection of root evasion techniques on Android devices such as root hiders and active hiding techniques.