Using Code Signing to Secure Mobile Apps

Smartphone users download billions of applications each year, and while the apps add greatly to phone functionality, the risks of buggy or malicious code threaten the user and also the integrity of networks.

By Jay Schiavo
Mon, February 14, 2011

Network World — This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach.

Mobile application publishers and developers need ways to differentiate their legitimate software from malware, protect their applications from tampering, and recall faulty or malicious code without impacting the rest of their published applications.

Fortunately, advanced mobile software platforms such as Windows Mobile 7 and popular app stores such as Windows Marketplace for Mobile have implemented code signing technology to address many of the most frightening security concerns. These platforms use code signing to control the software allowed on networks, taking comprehensive measures to ensure the safety of mobile apps for users and the networks upon which they increasingly rely.

What is code signing?

In traditional software delivery models, a buyer confirms the source of the application and its integrity by examining the packaging. Software downloaded over a mobile network, however, poses a risk because the identities of the publishers are more difficult to determine. Inadvertently introducing malware into the wireless network environment doesn't just put a single end user's smartphone at risk; it can affect an entire network of devices, expose all subscribers to attack, interrupt service, and seriously damage the network provider's reputation and financial performance.

Realizing the responsibility they bear, app stores such as Windows Marketplace now require code signing technology that essentially "signs" the mobile software code with a digital signature, creating a "digital shrink-wrap" that both validates the source of the software code and confirms that the code has not been modified.

Code signing is based on public key cryptography. A developer or software publisher uses a private key to add a digital signature to a piece of software code. Mobile software platforms such as Windows Mobile 7 then use the corresponding public key to validate the signature during the app download process, comparing the hash that was signed against the hash of the downloaded application.

It is this hash that confirms the contents of the file and verifies the code has not been altered or corrupted since it was signed. And while a user can verify the contents of a file and the integrity of the software, the publisher should also have the ability to efficiently revoke a compromised certificate.
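
The sign-then-verify flow described above, as an added example that is not from the original article. It uses the OpenSSL command line rather than any mobile platform's signing tools; the function names, file names and the revocation list (one SHA-256 public-key fingerprint per line, standing in for certificate revocation) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the article): publisher signs, device verifies.
# File names and the revocation-list format are constructed for illustration.

make_keypair() {   # $1 = private key out, $2 = public key out
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1" 2>/dev/null
  openssl pkey -in "$1" -pubout -out "$2"
}

sign_app() {       # $1 = private key, $2 = package, $3 = signature out
  # Hashes the package with SHA-256 and signs that hash with the private key.
  openssl dgst -sha256 -sign "$1" -out "$3" "$2"
}

key_id() {         # $1 = public key; prints SHA-256 of its DER encoding
  openssl pkey -pubin -in "$1" -outform DER | openssl dgst -sha256 | awk '{print $NF}'
}

verify_app() {     # $1 = public key, $2 = package, $3 = signature, $4 = revocation list
  # Recomputes the package hash and checks it against the signed hash.
  if ! openssl dgst -sha256 -verify "$1" -signature "$3" "$2" >/dev/null 2>&1; then
    echo TAMPERED
  elif grep -qx "$(key_id "$1")" "$4"; then
    echo REVOKED     # signature is valid, but the publisher's key was recalled
  else
    echo TRUSTED
  fi
}

demo() {
  d=$(mktemp -d) || return 1
  printf 'constructed app package v1\n' > "$d/app.pkg"
  : > "$d/revoked.txt"                       # empty list: nothing revoked yet
  make_keypair "$d/priv.pem" "$d/pub.pem"
  sign_app "$d/priv.pem" "$d/app.pkg" "$d/app.sig"
  echo "as published: $(verify_app "$d/pub.pem" "$d/app.pkg" "$d/app.sig" "$d/revoked.txt")"
  printf 'injected code\n' >> "$d/app.pkg"   # modify the package after signing
  echo "after tamper: $(verify_app "$d/pub.pem" "$d/app.pkg" "$d/app.sig" "$d/revoked.txt")"
  rm -rf "$d"
}
demo
```

Adding a key's fingerprint to the revocation list makes every package signed with that key fail verification, even though each signature is still mathematically valid.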

Originally published on www.networkworld.com.