Securing Mobile Devices with Mobile Native Detection

As mobile app usage continues to increase, so does the potential for fraud. Fraudsters are finding new ways to exploit vulnerabilities in mobile devices that enable device spoofing, circumvention of device fingerprinting methods, and large-scale attacks from a handful of devices. Protecting businesses and their customers from these threats requires the use of risk, trust, fraud, bots and behavior detection services that can leverage a wider range of telemetry and risk signals.

One way to gain more robust telemetry to detect risk in mobile devices is to leverage mobile detection SDKs, which expand on the amount of device metadata exposed by webSDKs. In this blog post, we’ll provide an overview of the problem space and attack methods used to target mobile devices and the benefits of native SDKs for detecting risk, trust, fraud, bots and behavior on mobile devices.

The growing threat of mobile device fraud

Mobile devices have become an integral part of our daily lives, with increased usage driven by a rise in mobile banking, e-commerce and other sensitive transactions, especially among Gen Z. As a result, mobile devices have become more attractive targets for cybercriminals looking for a foothold into users’ accounts to commit fraud, steal personally identifying information, access corporate networks and engage in other malicious activities. 

In fact, mobile devices now account for over 60% of all digital fraud — a number that is likely to rise as organized crime rings, online marketplaces and generative AI continue to lower the bar for waging sophisticated attacks. 

Mobile device attack methods

To gain access to the wealth of information and the increasing amount of financial data exposed by smartphones and other mobile devices, fraudsters are leveraging a range of attack methods. Some of these methods include:

  • Device takeover: This attack method enables attackers to gain remote access to a victim’s device, often by exploiting a remote desktop connection (RDC), in order to steal data, circumvent two-factor authentication, or gain access to online banking credentials and other accounts. 
  • Rooting or jailbreaking devices: Rooting (on Android devices) or jailbreaking (on iOS devices) are processes used to remove the limitations placed on mobile devices by manufacturers, enabling bad actors to circumvent the built-in features designed to protect devices against malware and other threats.
  • SIM swapping: SIM swapping involves taking over the victim’s phone number by transferring it to a new SIM card. Attackers can then use the phone number to access sensitive information, such as bank accounts or social media profiles.
  • Mobile banking trojans: Mobile banking trojans like Xenomorph are applications that pose as legitimate apps in order to trick users into downloading malware onto their devices. Once installed, fraudsters can use trojans to steal credentials and commit account takeover (ATO).
  • Mobile emulators: Mobile emulators are software tools that simulate a mobile device’s hardware and software environment. Although they can be used for legitimate purposes, like gaming or mobile app development and testing, fraudsters are increasingly using mobile emulators to test and bypass security measures by posing as legitimate or trusted devices. 
  • App cloning: App cloning is the act of running multiple instances of an app on the same device with different IP addresses, device IDs, user profiles or other configurations. This can make it more difficult to detect fraudulent activities and can even degrade security measures like device fingerprints since it enables the use of environment variables that differ between the original app and the cloned one. 
  • Proxies and VPNs: Fraudsters can use proxies and VPNs to hide the IP addresses and location of mobile devices, making it more difficult to detect anomalies in mobile device usage. 

As a result of these increasingly evasive methods, it has become more difficult for businesses to distinguish between trusted users’ devices and devices that have been spoofed or compromised. This complicates businesses’ ability to leverage legitimate users’ known devices as a trust anchor to reduce friction — making it imperative that fraud and security teams leverage robust telemetry to detect risk and trust in mobile devices. 

Benefits of native detection for mobile devices 

Native detection SDKs are software development kits that are designed specifically for mobile devices. They can be integrated into mobile apps to gain access to more device metadata than webSDKs, as they have access to low-level system information and hardware components that allow for a more comprehensive view of the device’s behavior.

This includes the ability to collect more detailed information, such as sensor data, mobile network data and country codes, and other information which can be used to identify potential risks or attacks. Additionally, native detection SDKs can leverage operating system APIs to monitor for changes in device settings or behavior, and can more effectively detect tampering attempts or other suspicious activity.

In addition, native detection SDKs can run in the background of the device, allowing for continuous real-time detection and faster threat response, and they can be easily integrated into mobile apps for straightforward implementation with a short time to value.
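
The signals named in this section (sensor data, mobile network data and country codes) can be combined server-side into simple consistency checks. The following is an added example, not code from Transmit Security or its SDKs; the telemetry field names, thresholds and sample records are hypothetical and constructed for illustration.

```python
from statistics import pstdev

# Assumed thresholds for this sketch; tune against real traffic.
MIN_SAMPLES = 5            # accelerometer readings needed to judge motion
FLAT_SENSOR_STDEV = 0.001  # m/s^2; below this the stream looks synthetic

def evaluate(t):
    """Return sorted risk-signal names for one telemetry record (a dict)."""
    signals = set()
    sim, net, ip = t.get("sim_country"), t.get("network_country"), t.get("ip_country")

    # SIM vs serving network: differing codes are normal while roaming.
    if sim and net and sim != net and not t.get("roaming", False):
        signals.add("sim_network_mismatch")
    # An IP country matching neither SIM nor network is consistent with a
    # proxy or VPN. Roaming data is often home-routed, so ip == sim passes.
    if ip and net and ip != net and ip != sim:
        signals.add("ip_country_mismatch")

    # Heuristic (assumption): real accelerometers jitter even at rest; a
    # constant or absent stream is treated here as emulator-like.
    accel = t.get("accel_magnitudes", [])
    if len(accel) < MIN_SAMPLES:
        signals.add("sensor_data_missing")
    elif pstdev(accel) < FLAT_SENSOR_STDEV:
        signals.add("sensor_flatline")

    # A device reporting itself as a phone with no SIM or serving network.
    if not sim and not net and t.get("form_factor") == "phone":
        signals.add("no_cellular_identity")
    return sorted(signals)

JITTER = [9.79, 9.83, 9.80, 9.86, 9.78, 9.82]  # constructed readings
SAMPLES = {  # constructed records, not real device data
    "home": {"sim_country": "GB", "network_country": "GB", "ip_country": "GB",
             "accel_magnitudes": JITTER, "form_factor": "phone"},
    "roaming": {"sim_country": "GB", "network_country": "FR", "ip_country": "GB",
                "roaming": True, "accel_magnitudes": JITTER, "form_factor": "phone"},
    "proxied": {"sim_country": "GB", "network_country": "GB", "ip_country": "NL",
                "accel_magnitudes": JITTER, "form_factor": "phone"},
    "emulator_like": {"ip_country": "US", "accel_magnitudes": [9.81] * 6,
                      "form_factor": "phone"},
}

if __name__ == "__main__":
    for name, record in SAMPLES.items():
        print(name, evaluate(record))
```

Each signal is a prompt for further scoring rather than a verdict: a legitimate traveller on a VPN would raise `ip_country_mismatch`, which is why such checks are weighed together with other telemetry.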

Mobile SDKs for Detection and Response with Transmit Security

Transmit Security’s best-in-class risk, trust, fraud, bots and behavior Detection and Response Services have native SDKs for both Android and iOS, enabling more robust detection of the growing threats that target mobile devices and applications. In our Transmit Security Research Labs, our researchers have developed sophisticated techniques that leverage our mobile SDKs to detect a wide range of risk signals, including mobile emulators, network mismatches, app cloning, rooting and jailbreaking, that can indicate threats to mobile applications. 

In the next blog in this series, we’ll delve further into the differences and similarities between iOS and Android native detection and review how our Android and iOS SDKs can be used to detect emerging fraud techniques. To find out more about our native mobile SDKs for Detection and Response, check out the documentation page.

Authors

  • Daniel Lazarev, Security Researcher

    Daniel Lazarev has a Bachelor’s in Computer Science and four years of experience in fraud and security research, including developing and creating machine learning models and over two years focusing on credit fraud, ATO and bot detection.

  • Rachel Kempf, Senior Technical Copywriter

    Rachel Kempf is a Senior Technical Copywriter at Transmit Security who works closely with the Product Management team to create highly technical, narratively compelling assets for customers and prospects. Prior to joining the team at Transmit Security, she worked as Senior Technical Copywriter and Editor-in-Chief for Azion Technologies, a global edge computing company, and wrote and edited blog posts and third-party research reports for Bizety, a research and consulting company in the CDN industry.