How to Secure Mobile Wallet Account? iCard Integrates the SysIntegrity API to Prevent Risks from Login Step - Huawei Developers

Overview
iCard is a popular mobile wallet app in Bulgaria. Backed by over 12 years of industry experience and a large user base, iCard provides services such as bank card management, collection and payment, international transfers, and foreign currency exchange for more than 30 countries and regions in Europe. Ensuring user account and transaction security, and protecting the app from attacks on risky devices, have always been key challenges for iCard.
Challenges
Risky devices undoubtedly affect app systems and users alike. Martin Dimitrov, head of the mobile development team at iCard, said, "Jailbreak and root processes essentially alter the operating system and its security level. The more change that the operating system tolerates, the greater the likelihood that a legitimate app will be vulnerable after a device is jailbroken or rooted."
If a user is unaware that their device has been tampered with and signs in to and uses an app on the device, their account and personal data may be at risk, and checking the system integrity of devices can be difficult. iCard needs to integrate a powerful detection capability to check whether the device running the app is risky.
Solution – integrating SysIntegrity API
Fortunately, by integrating the SysIntegrity API of HUAWEI HMS Core Safety Detect Kit, iCard can quickly check whether the device is secure or rooted during user sign-in. SysIntegrity is free for developers to use and works using the Trusted Execution Environment (TEE). It helps app developers build security capabilities to protect user privacy and app security through tamper-proof and reliable check results.
Risk prevention, starting from App login
Martin Dimitrov said, "With SysIntegrity integrated, our app can detect risks once a user signs in to it on a rooted device, and it will then show a security warning to notify the user of possible risks, such as financial losses and information leaks." Furthermore, it only takes 1 person-day to integrate SysIntegrity.
(iCard app displays a message indicating that the phone is risky.)
Martin Dimitrov added, "After integrating SysIntegrity, the instances of risky sign-in on rooted phones have been reduced by around 10% which is a really good number. And we can also make the development process more convenient and efficient."
Results
The instances of risky sign-in on rooted devices were reduced by about 10%.
User accounts and transactions are now well safeguarded.
Find out more on:
Huawei developers official page
Experience the easy-integration process on Codelabs
Submit a trouble ticket online for any problems during integration
Reddit: https://www.reddit.com/r/HuaweiDevelopers/
Github: https://github.com/HMS-Core/hms-safetydetect-demo-android
Stack Overflow: https://stackoverflow.com/questions/tagged/huawei-mobile-services?tab=Newest

Very interesting Security.

Related

Safety Detect Ensures App Security to Be Accessible

From ride-hailing, navigation and mobile travel
To gaming, streaming, and social media
Mobile apps have become indispensable in daily life
But increased convenience puts sensitive user data at risk
HMS Core Safety Detect offers unique protections
For comprehensive app security with little effort!
What Is Safety Detect?
Safety Detect is an open multi-dimensional security detection service offered by Huawei that helps developers bolster app security capabilities, based on the Trusted Execution Environment (TEE) on Huawei phones, without compromising user experience.
System Integrity Check (SysIntegrity)
SysIntegrity is capable of checking whether the user device is rooted, unlocked, or escalated for higher permissions, and uses this information to help you determine how and when to restrict your app's behavior to avoid potential leaking of sensitive user information or financial information.
A unique advantage of SysIntegrity is that it is based on the TEE OS, which is built into every Huawei phone (running EMUI 9.0 or later). The TEE OS comes with Huawei's in-house microkernel, which has achieved the prestigious CC EAL 5+ certification, and is the first solution of its kind to pass formal verification. With SysIntegrity integrated, apps can be isolated for bolstered protection and provided with independent privacy security protection services. For example, services with high security requirements, such as the payment services, are provided with the appropriate level of protection in the TEE OS.
App Security Check (AppsCheck)
When your app has integrated AppsCheck, it can obtain a list of malicious apps on the user's device, which provides a strong basis for high-level risk analysis (for risky/virus-infected apps). Users are then warned of the presence of any risks on your app, or prompted to exit your app. According to the three largest global virus evaluation agencies, AppsCheck can detect malicious apps with a staggering accuracy rate of 99%.
Malicious URL Check (URLCheck)
With URLCheck, your app can determine whether a visited URL contains phishing or malware apps. The check strikes the optimal balance between performance and timeliness, and is capable of detecting a wide range of malicious URLs, such as phishing and Trojan-infested URLs. URLCheck is easy to integrate into your app, and provides trusted, operation-free security services, reducing the costs associated with developing secure browsing services.
Fake User Detection (UserDetect)
Fake user detection is critical for app operations, as the presence of fake operations such as game bots, activity bonus hunting, and malicious spamming can give your app a bad reputation. UserDetect can identify spoofed devices, based on the device signature and identifier, and identify relevant environmental risks, such as roots, simulators, VMs, device change tools, and anonymous IP addresses. It can also recognize fake users based on screen touch and sensor behavior, as well as prevent batch registration, credential stuffing attacks, bonus hunting, and content crawlers. These safeguards provide your app's users with unmatched peace of mind.
Many popular apps have integrated Safety Detect, such as the app for International News Agency and Radio Sputnik, APUS, a popular browser in India and Southeast Asia, and 1998 Camera in Vietnam.
How Can I Integrate HUAWEI Safety Detect?
Each of the four functions in Safety Detect has a dedicated API that is easy to integrate. For guidance during the integration process, please refer to the HUAWEI Developers website, where you will find the integration guide and other resources for reference, or acquire your answers from HUAWEI Developer Forum.
* HMS Core 4.0 courses produced by HUAWEI Developers are now available on Huawei official channels, including Video Center on HUAWEI Developers.

HUAWEI Account Kit Helps Games Share Digital Assets from Device-to-Device with Unmatched Ease

Imagine that one of the players for your game has spent a lot of time and effort becoming an advanced player, but is then unable to use his/her props, level, or points in the game on a new device, simply because they are not signed in to their account. The user would need to start from scratch, which could be so frustrating that they'd opt to uninstall the game. Account Kit can help you avoid this nightmare scenario, by enabling your game to share its digital assets across devices.
Gameloft, an acclaimed and award-winning game publisher, has chosen to integrate Account Kit. Now Gameloft game apps allow for sign-in via one-click authorization on new devices, after which digital assets owned by the user, and linked to the user's HUAWEI ID, can be accessed on the new device. This has substantially enhanced user experience and user loyalty. By integrating Account Kit and other services like In-App Purchases, the game apps not only bring a high-quality gaming experience to AppGallery users, but also see a great increase in their own downloads.
In addition, Account Kit incorporates two-factor authentication and facial or fingerprint sign-in technologies, and complies with international standards such as OAuth 2.0 and OpenID Connect, to keep user data and privacy under lock-and-key. A lot of financial apps from around the globe have integrated with Account Kit after their rigorous internal evaluation and have released the new version, due to the kit's formidable security and privacy protection capabilities.
More than 900 million users in 190+ countries and regions use HUAWEI IDs, a massive, global user base that can expand the reach and audience for your app to unexpected new heights. Account Kit will continue to upgrade to serve as an intuitive and accessible method of entry to your apps, helping you attract and retain users with unprecedented success.
For more information, please visit:
Account Kit Development Guide:
https://developer.huawei.com/consum.../introduction-0000001050048870?ha_source=hms1
Account Kit Codelab:
https://developer.huawei.com/consumer/en/codelab/HMSAccounts/index.html#0?ha_source=hms1

DStv Now Integrated the System Integrity Check and App Security Check Functions, Helping Improve Video Smoothness

Overview
DStv Now is a popular entertainment app owned by Multichoice in Africa. It enables users to watch their favorite video content online or through offline caching. Because the app's developer is committed to providing secure and reliable digital video content to users, they integrated two HUAWEI Safety Detect functions: system integrity check (SysIntegrity) and app security check (AppsCheck). This helped DStv Now to improve video smoothness.
Challenges
Ensuring the security of an app's running environment is critical to both providing a risk-free user experience and protecting video content. Malicious apps on user devices pose security threats to user accounts and personal information. Knowing this, DStv Now's developer decided that integrating security check capabilities was vital to evaluating the security of devices' environments.
DStv's Technical Director said: "We continuously optimize our app to adapt to different devices. However, we still need to ensure that our app runs on certified devices, to comply with the requirements of some content providers, and offers users a smooth streaming experience."
Solution
Safety Detect is a multi-dimensional open security detection service offered by Huawei. It provides a range of functions, such as SysIntegrity and AppsCheck, to help apps quickly build security capabilities which protect user privacy and security. DStv's Technical Director said, "Safety Detect helps us check whether a device is certified and ensure that the device has not been tampered with." DStv Now calls SysIntegrity and AppsCheck whenever a user registers an account, watches a video online, or caches a video in the app.
SysIntegrity, which is based on a Trusted Execution Environment (TEE) and digital certificate signature, helps DStv Now check whether the device running the app is secure, for example, whether the device has been rooted. AppsCheck helps DStv Now obtain a list of malicious apps on devices on which it has been installed. If risks are detected during this process, DStv Now can determine whether to restrict the app's functionality, or provide a warning to the user. "Using Safety Detect has helped us improve app security and ensure that users only use our app on certified devices", said the Technical Director of DStv Now. "This helps us root out piracy and ensure that streaming and video playback are done on devices certified by our content providers." The director went on to say, "It also helps us deliver a smooth user experience as we can develop our features based on certified devices, without worrying that our app is catering to tampered devices."
HUAWEI Safety Detect meets DStv Now's security check requirements and enables the app to provide more secure and reliable video content. The technical director said, "After integrating the SysIntegrity and AppsCheck functions, the video smoothness is assured."
Results
Video smoothness is assured.
User accounts are more secure.
Video playback is more secure.

Koshelek App Reduced Transaction Risks When It Integrated the SysIntegrity Function

Overview
Koshelek is a leading electronic payment app developed by Cardsmobile in Russia. Users can add their bank cards to the app for convenient payments. By integrating the SysIntegrity (system integrity check) function in HUAWEI Safety Detect, Koshelek has made electronic payments more secure, and reduced the instances of credit card fraud resulting from device system environment risks.
Challenges
To ensure payment security, the Koshelek app needs to ensure that users' devices used for payment are secure. Any risks, such as if the device is rooted or unlocked, can pose a threat to the users' personal privacy information, transactions, and passwords. Therefore, the development team of Koshelek needs to implement security detection capabilities which would enable the app to evaluate device environment security.
There is another reason why data security is of the utmost importance for the Koshelek app. "We create user profiles which we use to store user and credit card information", said Nikolay Ashanin, Cardsmobile's Chief of Mobile Development. "It is therefore imperative that all user data is completely secure."
Solution
HUAWEI Safety Detect is a multi-dimensional, open security detection service. It provides functions such as SysIntegrity to help apps quickly build security capabilities and protect users' privacy and security.
"We consider Safety Detect to be one of the main elements of our app protection system", said Nikolay Ashanin. By integrating the SysIntegrity function, the Koshelek app is able to evaluate the security of a user's device environment when the user is making payments.
If the user's device does not pass the SysIntegrity check, Koshelek can inform the user that their device is at risk, and prevent them from proceeding. This protects the user's account security, personal information, and transactions. "Safety Detect has enabled our company to develop a technical solution that satisfies the requirements of the international payment system", Nikolay Ashanin said, "HUAWEI Safety Detect has made the development process more efficient and convenient."
SysIntegrity meets Koshelek's requirements for security detection capabilities which are applicable to payments and transactions. It helps the app deliver secure bank card token services that meet international payment requirements. "After we integrated SysIntegrity, we saw that instances of credit card fraud resulting from device system environment risks were reduced", said Nikolay Ashanin.
Results
Credit card fraud instances resulting from device system environment risks were reduced.
The Koshelek app is able to satisfy international payment system requirements.
Can it be used with Visa, Mastercard and American Express?

Sputnik Improved its Detection Rate for Malicious Reviews by 14% after Integrating the SysIntegrity Function

Overview
International News Agency and Radio Sputnik is a news agency with an international reputation. Its news app Sputnik offers high-quality, international news stories covering breaking news, major events, in-depth reports, online video ads, and exclusive interviews. After Sputnik integrated the SysIntegrity function, it improved its detection rate for malicious reviews by 14%.
Challenges
Dmitry Priemov, head of mobile at Sputnik, said, "We have found malicious attacks on Sputnik's ads. So we started to block users of the app with a changed signature, because it definitely means that the APK was modified to remove the ads." He added, "We also needed to quickly determine whether the malicious reviews of our app have been posted from devices with a changed signature."
Solution
"We regard system integrity as an important part of evaluating device risks," said Dmitry Priemov. HUAWEI Safety Detect is a multi-dimensional open security detection service. Its SysIntegrity function helps app developers quickly build security capabilities which protect user privacy and app security. "By integrating SysIntegrity, we have a clear understanding of whether the app is running on a rooted device," Dmitry Priemov said.
SysIntegrity works using the Trusted Execution Environment (TEE) and a digital signing certificate. It helps Sputnik check whether the device running the app is secure, and detects security risks such as if the device has been rooted. If risks are detected, the app can restrict that device from using certain functions, which prevents the malicious cracking of in-app ads. In addition, with SysIntegrity, the app can skip malicious reviews from some users, just as Dmitry Priemov said, "Our support team just skips any claims from such users or replies to them that they have to format their devices and reinstall the app from the official store."
Dmitry Priemov said, "Since integrating SysIntegrity, Sputnik has improved its detection rate for malicious reviews by 14%."
Result
Sputnik has improved its detection rate for malicious reviews by 14%.
You can find out more on the following pages:
Huawei developers official page:
SysIntegrity API intro:
Experience the easy-integration process on Codelabs
Reddit: https://www.reddit.com/r/HuaweiDevelopers/
Github: https://github.com/HMS-Core/hms-safetydetect-demo-android
Stack Overflow: https://stackoverflow.com/questions/tagged/huawei-mobile-services?tab=Newest
