Appdome CEO Tom Tovar Talks His Company’s Mission, Android Accessibility Service Attacks, More In Interview

News Room

In a press release issued in late September, Bay Area-based mobile security company Appdome announced so-called “new mobile anti-malware protections” which detect various kinds of Android Accessibility Service malware. According to Appdome, malware of this type is oftentimes used to “carry out large scale, distributed attacks on mobile banking apps, crypto wallets, and other financial services apps.”

On its website, Appdome describes itself as the “one-stop shop for mobile app defense.” The company’s technologies enable organizations to “build, test, release and monitor all mobile app protections in one unified platform in the DevOps CI/CD pipeline [and] accelerate the delivery of mobile app security, anti-fraud, anti-malware, anti-cheat, anti-bot and other defenses in Android & iOS apps.” In the press release, Appdome said the Android Accessibility Service is the operating system’s “framework designed to allow mobile applications for individuals who are disabled to interact with all applications on an Android device.” As Appdome explains, the problem is Android Accessibility Service is often targeted by hackers and other fraudsters. Ergo, this makes already vulnerable members of the disability community all the more vulnerable when trying to use their Android-based smartphone or other device.

“This is a difficult problem to solve,” said Appdome co-founder and chief executive Tom Tovar in a statement included in the company’s press release. “To support the community, we created a defense that allows legitimate use of Accessibility Service, while at the same time prevents ATS malware from using Accessibility Service for nefarious purposes.”

In an interview with me conducted last month over email, Tovar told me Appdome’s automation platform is designed to help businesses keep mobile apps sd safe and secure as possible by “eliminating the guesswork, coding, engineering effort, and complexity often associated with cyber projects.” The end result of Appdome’s efforts, he said, is “better, faster protection for all mobile end users, brands, and businesses that rely on mobile apps to do things and get things done.”

As to the aforementioned Android Accessibility Service framework, Tovar called it “amazing” technology that essentially “[provides] a mechanism for mobile applications to serve individuals with disabilities through third-party applications.” It’s a critical element in the system because, as Tovar noted, the framework helps allow users to harness accessibility features such as the TalkBack screen reader, gesture controls, and more in order to make their computer(s) more inclusive and accessible. The challenge for users (and Appdome) is the less scrupulous lot amongst us have decided to take advantage of the Accessibility Service framework by building malware that “plugs into the same event framework and use this access to monitor users, steal credentials and perform transactions without the actual user’s knowledge.” The good news is Tovar and team fortunately has “figured out several ways to catch this malicious activity in the act and stop the abuse and misuse” of Accessibility Service.

Although Appdome’s recent announcement focuses on disabled people and, by extension, the disability community, Tovar emphasized the company truly is in the business of “making [development, security, and operations] better” for all users. He said “proper mobile defense” affects everyone, telling me “modern mobile attack surface is too broad, dynamic and sophisticated for end users to defend themselves effectively.” Moreover, while Tovar acknowledged there may be a small subset of people who nerd out and keep up with security matters, there’s no reason they should have to do so. Likewise, the majority of people have neither the knowledge nor the desire to decipher such material. That’s where Appdome comes in. Its tools, Tovar told me, “make the job of delivering on this expectation easy and painless for the developer.”

To Tovar’s point, it’s also true Appdome’s work is accessibility unto itself. This particular context involves the Android Accessibility Service, which obviously is aimed at bonafide accessibility. The truth is Appdome makes mobile security more accessible to those people who don’t know (or don’t care) about keeping up with the myriad attack vectors and any defenses. In other words, Appdome is helping further accessibility in both senses of the word. The distinctions aren’t at all trivial.

Feedback on Appdome’s work has been positive and the “most exciting part of our journey,” Tovar said. It’s a different world today than when Appdome initially launched seven years ago; to the company’s mission, there weren’t as many protections back then as they are now. What began with a handful of protections for better security has grown to “30 to 100 protections” as the Appdome team kept working and innovating. In sum, Tovar said he’s “incredibly happy” with the feedback from users.

“Today, I don’t know of a single customer who isn’t trying to use all of what we have to offer,” he said of customer response. “We took the friction out of doing the right thing—for the brand, the business and the users. The private and public feedback has been amazing.”

When asked about his visions for the future, Tovar was frank in saying Appdome has “a lot of work to do to keep the mobile app economy safe and secure.” He added the exploit economy is “alive and thriving” right now, and Appdome feels a heavy responsibility to rise to the difficult challenge because there’s no end in sight to the onslaught of threats.

“Mobile brands, our customers, partners, and the entire global mobile end-user community have our commitment to staying ahead of attacks and threats that target users, transactions, data and the integrity of the mobile app economy,” Tovar said of Appdome’s future plans. “We’re not done by any means. [We] will make sure you can continue to enjoy using your mobile applications.”

Read the full article here

Share this Article
Leave a comment