F5 Inc. announced its Mobile App Security Suite for iOS and Android devices Tuesday, combining bot takeover protection with other application shields to prevent malware from invading and damaging smartphones.

These shields prevent malicious code from being installed on phones, such as keyboards that can capture data such as account credentials, code injections to insert various malware elements, ways to manipulate the phone’s screen to fool users into thinking a phone is inactive while running malware in the background, or supporting various man-in-the-middle kinds of attacks that intercept a user’s data or login information. The accompanying illustration from F5 provides other capabilities.

Phones have become an important attack vector because they are so ubiquitous and because in many cases they lack the typical endpoint protection measures found in desktops and laptops. One report found that nearly two-thirds of the 400 most often used Android finance apps are vulnerable to attack, for example. Cybercriminals also count on users’ short attention spans to not spot compromised apps as they quickly scan their phones’ screens.

Many years ago, the mobile security market got its start with mobile device management tools. These were mostly focused on controlling users’ access to particular enterprise network resources and preventing users from accessing noncorporate applications. This was well before the era where mobile malware became popular, and now this particular security niche has refocused.

Much of the reason for this changeover has to do with the numerous ways mobile threats can enter a mobile device. For example, bad apps are substituted on the Apple App and Google Play Stores, or components can be inserted into the mobile app supply chain, or phishing lures are specially crafted to target mobile users to steal user credentials and data.

Because of this rich diversity of mobile-based attacks, the open-source community has a specific project to teach app developers how to secure their apps better. But this means that mobile devices need additional protection designed to stop these and other entry points.

F5 joins several other companies in this market, most notably Check Point Software Technologies Ltd., Zimperium Inc., IBM Corp., Lookout Inc. and Trend Micro Inc. These tools typically come with both runtime application protection for mobile apps as well as constantly monitoring them while in use.

F5 claims that its automated deployment routines make its solution easier and faster to deploy across an entire organization’s mobile fleet, although these other providers have this feature as well.

Photo: Photopin/Flickr, image: F5