Layer7 API Management

  • 1.  Ability to detect runtime attacks and customizable actions

    Posted Sep 22, 2017 01:28 AM

    With MAG SDK on the client side, is it possible to detect runtime attacks and configure actions accordingly? This is required to ensure mobile apps are not compromised or cloned through application attacks, such as reverse-engineering or code tampering.



  • 2.  Re: Ability to detect runtime attacks and customizable actions
    Best Answer

    Broadcom Employee
    Posted Oct 06, 2017 02:15 PM

    It really depends on the type of attack. Our Mobile SDK supports Proof Key for Code Exchange - PKCE (RFC 7636) out of the box, which prevents MITM attacks for features like Social Login or any other authentication using the Authorization flow from OAuth 2.0.

    The current version of the SDK (v1.5.00) does not include any feature to auto-detect rooted / jailbroken devices, but those topics are for sure on our radar.

    Please also keep in mind that the Mobile SDK is open sourced and can be easily forked and enhanced.

    Thanks and best regards.