
Article | App development companies, how can you prevent code theft?

November 8, 2022

When it comes to cybersecurity, we usually think of attacks such as viruses, malware and ransomware attacks, which are often spectacular and make the headlines. However, these attacks are only the tip of the cybercrime iceberg. In fact, there is one type of attack that is often ignored: code theft. According to a 2020 study done by Thales, 30% of cybercrime income is related to Intellectual Property theft.[1] Because developing an app takes time, money and resources, it is expected to generate income and grow the development company’s business. The source code is therefore your major asset and if it gets stolen or copied, your revenues and reputation will be compromised.

So, what are the options to protect the source code of an application? Here are some answers.

Code theft: an underestimated threat for app development companies

Code theft can affect any application. The threat does not stem directly from the intrinsic vulnerabilities an app may have due to coding errors, but from the fact that applications are available on public application platforms and are therefore easily accessible. This easy access enables hackers to analyze and understand how they work through a process called reverse engineering, in which hackers use software such as debuggers or disassemblers to understand the application's programming logic in order to recreate it or instrumentalize it.

There is another threat of code theft that is not specific to applications but concerns any software. This is when an app development company, usually a start-up, relies on a partner to market its program. In this situation, the partner must have access to the source code of the application to make it work with other programs. If the application is not sufficiently protected legally or technically, a rogue partner (or one of its developers) can steal the technology and commercialize a copy.

Regardless of how the source code is stolen, it is a theft of intellectual property that can damage the company that developed the app.

Why is it important to protect your source code against theft?

As an app development company, protecting your technological innovations allows you to stay ahead of your competitors and maintain your image as an innovator. Indeed, when an unauthorized copy of software resulting from the theft of source code is released on the market, it is almost impossible to know it has been stolen. Why? Because this type of theft is much more discreet than a ransomware attack. Often, even the app development company doesn’t know that it has been hacked, but ends up with a legitimate competitor who is taking market share and revenue. Moreover, because customers have access to an alternative, the app development company will no longer be perceived as particularly innovative.

This happens more frequently than one might think. For example, most mobile applications, especially Android apps, are at risk of repackaging and redistribution. As they are semi-compiled in bytecode, reversing this process is easy and hackers have access to powerful decompilers to facilitate this process. An Android developer can then see their app redistributed in another store or on the Play Store if the right protection mechanisms have not been implemented.

How can you protect your apps from code theft?

Applications can be covered by patents and copyrights; however, this has proven to be insufficient, and technological protection is therefore necessary.

The limits of legal protection against code theft

Registering a patent or copyright means providing proof that the innovation belongs to your company. It therefore proves that you own the intellectual property of your app, but it does not prevent its theft. In addition, regulations do not allow the code itself to be patented, but they do allow patenting the way in which certain operations are performed in the software. In short, there is a whole field of legal protection for big innovations, but incremental innovations such as those you see in the app development world cannot be covered by a patent.

To make things harder, code theft is extremely difficult to prove, and legal proceedings are extremely long. You usually end up spending money on legal fees, and energy that you could have used to develop innovation.

Thankfully, there are technological solutions that can complement the legal ones.

The technological solutions to protect your source code

There are several techniques to prevent hackers from stealing your source code.

One of them is called obfuscation, a strategy that makes the source code unintelligible to humans but still readable by machines. Its advantage is that, unlike encryption, no decryption operation is required, so obfuscation has a limited impact on performance. Finally, since the code is never decrypted, it stays protected and hard for an attacker to understand, even during its execution.

Some advanced techniques make it possible to detect whether an application is running in a compromised environment. These technologies, known as Runtime App Self Protection (RASP), enable additional protections against code instrumentalization. RASP stops an attacker from reverse engineering the code with common reversing tools or from modifying an app's behavior in a compromised environment.

Furthermore, since patents are a barrier to interoperability and technology adoption, obfuscation is also a suitable solution in these cases.

In the case of a partnership or cooperation with other companies, the source code of sensitive technologies must be provided: an obfuscated application will function perfectly without its source code being immediately accessible.

Software running in untrusted environments, such as apps on publishing platforms, is at risk of reverse engineering. Make sure to protect your revenues and reputation by preventing unauthorized parties from gaining insight into, tampering with, or copying the source code of your applications.

Use QShield App Protection to protect your applications against static and dynamic analysis. It offers code and data obfuscation with more than 30 different passes available, as well as dynamic protections such as anti-root, anti-jailbreak, anti-debug, anti-hooking and anti-dynamic analysis. With QShield, you can design the optimal security configuration for your needs. Talk to one of our experts!
