What is Mobile RASP?

Nikfar Khaleeli | Mar 16, 2023

The goal of runtime protection for a mobile app is to prevent malicious code or attacks from compromising the integrity of a mobile app while it is running. Mobile RASP (Runtime Application Self-Protection) solutions provide this protection, enabling a RASP-enabled mobile app to monitor its own behavior and protect against attacks. When evaluating mobile app security solutions, companies should enquire about the available RASP features. RASP is an effective additional layer of security that companies will want to implement in their mobile apps as it provides comprehensive protection at runtime, and can detect and block malicious activity as it is happening.

What is a Runtime Attack? 

A runtime attack is a type of cyber attack that occurs during the execution of a mobile application, also known as the "runtime" phase. In a runtime attack, an attacker attempts to exploit vulnerabilities or weaknesses in the code or memory of the mobile app to gain unauthorized access or control over the application.

Runtime attacks can take various forms, such as buffer overflows, injection attacks, or heap overflows. The goal of these attacks can vary, ranging from stealing sensitive information to taking over the mobile app or disrupting its normal functioning.

Common Runtime Attack Techniques

There are several runtime attack techniques that can be used on mobile apps, including:

  1. Man-in-the-middle (MitM) attacks. An MitM attack involve intercepting and modifying data transmitted between a mobile app and a server. Attackers can use this technique to steal sensitive information such as login credentials, credit card details, or personal data. For example, a flaw in certificate pinning created a vulnerability in the mobile apps of major banks that could have allowed attackers to steal customers' credentials including usernames, passwords, and pin codes. MitM attacks can also be used to inject malicious code into the transmission. 
  2. Data injection attacks. Data injection attacks involve inserting untrusted data into the mobile app's runtime environment, often through user input fields or other areas where user-supplied data is processed. These are simple text-based attacks that exploit the syntax of the targeted interpreter within the mobile app. Almost any source of data can be an injection vector, including resource files. This allows attackers to gain unauthorized access to the app or device, or to steal sensitive information. SQL injection, cross-application scripting attacks and cross-site scripting attacks are examples of injection attack scenarios. According to OWASP, client side injection is an easily exploitable attack vector. 
  3. Code injection attacks. Code injection attacks involve injecting malicious code into the mobile app's runtime memory, allowing attackers to execute arbitrary code and take control of the device. For example, HTML5-based mobile apps, which are increasingly popular due to portability, are a prime candidate for code injection attacks because the web technology used by HTML5-based apps allows data and code to be mixed together. The various data channels, (e.g., barcode, SMS, file system, Wi-Fi and NFC, etc.) by which HTML5 mobile apps interact with other entities can all be used for attacks. 
  4. Malware. Attackers can also use malware to infect mobile devices, which can then be used to carry out a variety of runtime attacks. For example, a mobile app with malware can exploit vulnerabilities in the mobile operating system or other mobile apps to gain elevated privileges on the mobile device. This can allow the malware to perform actions that would otherwise be restricted, such as accessing sensitive data or installing additional malware. Malware can also be used to exfiltrate sensitive data  from a running mobile app. Examples of sensitive data that would be sought out by attackers include login credentials, credit card information, and personally identifiable information. While it is unlikely that the mobile apps you get from an official app store will be infected, apps that are pirated or come from less legitimate sources often contain malware. 
  5. Reverse engineering. In a reverse engineering attack on a mobile app, an attacker analyzes its code and other assets with the intent of understanding how the mobile app works, what data it processes and how it communicates with other systems. This can be done by using various techniques such as decompiling, disassembly, code analysis, debugging, and dynamic analysis. There are many goals of reverse engineering including: finding vulnerabilities or weaknesses that can be exploited during runtime; theft of intellectual property; information theft; and performing app modifications.

What is Runtime Protection? 

Runtime protection refers to the techniques used to detect and prevent security vulnerabilities and attacks when an app is executing. This means that instead of relying solely on measures implemented during the software development phase, runtime protection provides an additional layer of defense against potential security threats that may arise during the operation of a software application.

Runtime Application Self-Protection or RASP is the name given to these security techniques. RASP solutions work by embedding the relevant security controls directly into a mobile app allowing it to monitor its own behavior at runtime, which enables it to detect and prevent attacks and exploitation of security vulnerabilities. A mobile app with RASP will detect and address security issues in real-time, minimizing the potential impact of such attacks.

RASP is typically deployed as a software component within the application environment, either as an agent or a library. RASP techniques includes features such as debug detection (also known as anti-debugging), emulator and simulator detection, jailbreak and root detection, dynamic binary instrumentation (DBI) framework detection, MitM attack detection, repackaging detection, tamper detection (aka anti-tamper) and integrity scanning. 

As RASP is integrated into the app, it can also provide detailed information about attempted attacks, helping organizations to quickly identify and respond to security threats.

It is worth pointing out how data protection is different from runtime protection. Data protection refers to the measures taken to ensure that data is securely stored and transmitted. This includes techniques such as encryption, access control, data backup, and data retention policies. The goal of data protection is to prevent unauthorized access, modification, or deletion of sensitive data.

Try Blue Cedar Mobile RASP

Blue Cedar Mobile App Security provides Mobile RASP to protect the runtime of mobile apps. Blue Cedar Enforce is the component of Blue Cedar Mobile App Security that enables RASP in mobile applications and is delivered by the Blue Cedar Platform, a CI/CD friendly SaaS solution. Supported RASP techniques include Man-in-the-middle (MitM) detection, jailbreak and root detection, emulator and simulator detection, anti-debugging, anti-tampering, anti-debugging, and anti-hooking.

With Blue Cedar, it is very easy for companies to enable RASP in their mobile apps. Blue Cedar’s mobile RASP works with all mobile app development frameworks and programming languages. Additionally, the Blue Cedar Enhance service can be configured to add RASP to mobile apps in a no-code fashion. 

You can try the mobile RASP features of Blue Cedar at no charge. Register at https://www.bluecedar.com/sign-up to do so. 

In fact, you can use all of what Blue Cedar offers for NO CHARGE with as many mobile apps as you want. Blue Cedar Mobile App Security. Blue Cedar Enhance. The Blue Cedar Platform. All of it is  free to use until integrated or secured mobile apps are pushed to production. 

Try it out. It could be fun.

Let’s Stay In Touch
All our latest content delivered to your inbox a few times a month.