SOLUTION OVERVIEW
Mobile App Security
Suite from F5 Distributed
Cloud Services
Deploy the Mobile Security Suite to protect your mobile apps from data breaches and
compliance violations caused by malware, tampering, repackaging, and bots. You can
harden your mobile apps and block in-app threats without impacting customers.
Mobile App Security Suite from F5 Distributed Cloud Services
2
Exploding Mobile App Usage Makes Mobile App
Security Critical
App store spending on iOS and Android is set to eclipse $300BN by 2025
1
and attackers
have taken notice. They will decompile and repackage your mobile apps, use malware,
inject scripts, and use overlay attacks to steal customer data, commit fraud, and steal
sensitive in-app data—such as credentials, API keys, and intellectual property.
To avoid web defenses, attackers pivot bad bot attacks like credential stung, account
takeover, and scraping to your APIs and backend infrastructure via mobile channels.
In addition to data breach risk, you need to ensure you have a solution in place that will
ensure you can meet rigorous compliance standards that are constantly evolving.
KEY FEATURES
Mobile app hardening
Prevent repacking with sophisticated code-obfuscation and dynamic
app binding technology.
Pro-active in-app protection
Block tampering and other runtime threats (ex: overlays and hooking
frameworks), including on jailbroken/rooted devices, with Runtime
Application Self-Protection (RASP) and malware behavior detection.
Secure applications
Deliver the most eective protection with integrated, one-pass, full stack
(L3–L7) security, including an ICSA Certified firewall, high-capacity
distributed denial-of-service (DDoS) mitigation, contextual access
management, and more.
White-box cryptography
Stop unauthorized third-party data exfiltration and man-in-the-middle attacks.
Pro-active bot defense
Block bots with human supported AI and telemetry that adapts to
attacker retooling.
Low-code deployment technology
Integrate our SDK in a low-code manner with dynamic app binding to
streamline deployments.
KEY BENEFITS
Reduce security risk
Prevent mobile app repackaging,
in-app tampering, malware, and
bad bots.
Meet rigorous compliance
standards
Meet compliance requirements for
privacy (CCPA, GDPR), payments
(PCI-DSS, EMVCo SBMP, PSD2),
and health (HIPAA).
Deploy and scale rapidly
Leverage our low-code integration
technology to deploy and scale 3x
faster than manual deployments.
61% OF THE 400 MOST-
USED ANDROID FINANCE
APPS ARE VULNERABLE TO
REPACKAGING ATTACKS.
2
Mobile App Security Suite from F5 Distributed Cloud Services
3
Prevent Repackaging, Tampering, and Bad
Bots with Mobile App Security Suite
The Mobile App Security Suite from F5 Distributed Cloud Services blends mobile app
shielding and bot defense. You get sophisticated obfuscation, malware behavior detection,
cryptography, mobile RASP, and bot defense. You can lower mobile app security risk that
leads to compliance violations, financial loss, data leakage, fraud, customer churn, and
reputational harm without impacting customers.
In addition, you can demonstrate your mobile apps are tamper-resistant and constantly
monitored so you can meet mobile compliance requirements for payments (ex: EMVCo
SBMP, PSD2, & PCI) privacy (GDPR & CCPA), and healthcare (HIPPA). Finally, you can
reduce management overhead and accelerate time-to-value with low-code technology for
deployment and management.
Low-code SDK
integration
Upload
protected
app into
app store
Unauthorized
3rd party
access denied
Customer
decision logic
Bot
Illegitamate Trac
F5 Distributed Cloud Services
• Run-time Application
Self-Protection (RASP)
• Malware behavior detection
• White box cryptography
• Tamper detection
• Telemetry-based bot
mitigation
• Threat intelligence network
• Human supported AI
retooling defense
• Sophisticate obfuscation
architecture
Tamper signals
Tamper signals
MOBILE APP BACK-END INFRASTRUCTURE
1
2
3
4
IN TOTAL, FIRMS SPEND
ALMOST $15 MILLION ON
THE CONSEQUENCES OF
NON-COMPLIANCE. THAT’S
2.71 TIMES HIGHER THAN
WHAT FIRMS TYPICALLY
PAY TO STAY IN
COMPLIANCE BY BUILDING
STRONG COMPLIANCE
PROGRAMS.
3
Figure 1: Protect mobile apps
from repackaging, tampering,
and bad bots
©2023 F5, Inc. All rights reserved. F5, and the F5 logo are trademarks of F5, Inc. in the U.S. and in certain other countries. Other F5 trademarks are identified at f5.com.
Any other products, services, or company names referenced herein may be trademarks of their respective owners with no endorsement or aliation, expressed or implied, claimed by F5, Inc.
DC 09.2023 | OV-GTM-1148020707-distributed-cloud-mobile-app-security-solution-overview
Conclusion
The popularity of mobile continues to grow dramatically, creating opportunities to engage
customers and generate revenue. However, as more value is stored and transacted on mobile
apps, more bad actors will look for ways to capture that value. In addition, you face rigorous
and ever-evolving compliance standards centered around privacy, payments, and health data.
The Mobile App Security Solution from F5 Distributed Cloud Services is designed to help you
reduce your attack surface by eliminating threats like tampering, repackaging, and bad bots.
The solution will help you meet the various compliance standards you must adhere to. You
get innovative low-code technology that accelerates your time-to-value, lowers management
complexity, and maximizes ROI.
Visit the Mobile App Security Suite page to find out how F5 products and
solutions can enable you to achieve your goals.
View demo about Protecting Your Native Mobile Apps with F5 XC Mobile
App Shield.
1
Jack Flynn, 40 Fascinating Mobile App Industry Statistic [2023]: The Success of Mobile Apps in the US, found at
https://www.zippia.com/advice/mobile-app-industry-statistics/
2
Promon’s App Threat Report: Q4 2022).
3
Ascent Team, The Not So Hidden Costs of Compliance, found at
https://www.ascentregtech.com/blog/the-not-so-hidden-costs-of-compliance/
4
F5, F5 Labs Investigates MailBot, found at
https://www.f5.com/labs/articles/threat-intelligence/f5-labs-investigates-malibot
IN FACT, ANY
APPLICATION WHICH
MAKES USE OF WEBVIEW
IS LIABLE TO HAVING THE
USERS’ CREDENTIALS AND
COOKIES STOLEN.
-Excerpt from MaliBot report.
4
