
Startup Mantra: Shielding mobile applications from external threats

By Salil Urunkar
Dec 30, 2023 07:24 AM IST

Protectt.ai provides a security platform that covers mobile device, mobile application, and mobile transaction security

Pune: India is becoming a “mobile-first economy” with smartphones playing a central role in our daily routines. With 97 per cent of users on the Android ecosystem, that platform has become a breeding ground for insidious malware, traversing seamlessly from one unsuspecting phone to another and carrying with it a burgeoning payload of risk. The consequences of this digital peril ripple far beyond individual devices, reaching deep into the core of organisational ecosystems. The financial sector finds itself at the epicentre of this storm. Mobile banking apps, insurance platforms, and stock trading interfaces, the gateways to our digital existence, are not immune and face the constant threat of being hacked, tampered with, and manipulated. Amidst this digital maelstrom, Manish Mimani launched a resilient response in the form of his deep-tech startup Protectt.ai, a mobile app, device and transaction security platform delivered as SaaS (Software as a Service).

Manish Mimani’s Protectt.ai provides a security platform that covers mobile device, mobile application, and mobile transaction security. (HT)

“While we have adopted the digital and mobile transformation, identity theft, data leakage, cyber incidents with individuals as well as corporates and other kinds of fraud have emerged as the darker side. Protectt.ai was our idea of building India’s first mobile threat defence company where we provide a complete mobile application security platform, including mobile device, mobile application, and mobile transaction security,” said Manish.


In the lead-up to founding Protectt.ai, Manish’s formidable 18-year career in the banking and insurance sector included a pivotal role as the chief information officer at Aviva Life Insurance India, where he was an integral part of the global IT leadership team. His extensive experience spanned diverse geographies, with notable contributions to digital transformation, cybersecurity, and mobile technology at companies like Aviva, Howden India, and Star Union Dai-Ichi Life Insurance company.

“During our research and program development phase, I personally observed a significant gap in the market. Every company was in the process of developing mobile apps, yet there was a glaring absence of comprehensive solutions for mobile application security, cybersecurity, and identity management. Many enterprises were aware of the necessity for app security on consumer devices, but there were no existing market solutions to address these critical needs. This realisation triggered us to embark on an entrepreneurial journey to build a robust solution, knowing fully that building such a solution would not be easy,” he said.

Runtime protection

Presently, India boasts over 75 crore smartphone users, and within the country, more than 2 lakh mobile apps have been developed for the local market. This significant proliferation is reshaping and revolutionising India’s digital economy. Globally, there are a staggering 50 lakh mobile apps, with corporations offering a plethora of services through these applications.

“Consider the scenario of a bank providing mobile banking services to several lakh customers. The challenge arises from the diverse state of the devices these customers employ. With each user utilising their personal phones, connected to millions of networks, there exists a myriad of threats stemming from these network connections. Unfortunately, many users lack awareness about the privacy implications of their actions, including the access granted to various apps and the potential risks associated with downloading apps,” Manish said.

“Our response to these challenges is a robust mobile application security platform designed specifically for corporate needs. Through our platform, we offer solutions that ensure the runtime protection of organisational apps, safeguarding them from the diverse array of threats present in today’s dynamic digital landscape,” he said.

Starting up

Manish said, “In June 2020, we initiated our journey, dedicating a year and a half to research and development, crafting comprehensive solutions. Two years ago, we proudly introduced our products to the market. In this brief timeframe, banks, insurance firms, and stock exchanges have embraced our solutions to safeguard their mobile apps.”

Being in a leadership role at big corporates, with substantial budgets and large teams, makes one’s job easy. But Manish left that comfort zone, especially at the onset of the Covid pandemic. Contrary to expectations, Manish started seeing an opportunity in the post-Covid era with the expanding digital landscape.

“Every company required a security solution. However, the market lacked such solutions due to high entry barriers associated with research and the challenge of keeping pace with evolving technology. Globally, there are only a handful of companies operating in this segment, around eight to ten, underscoring the difficulty in creating robust products. Today, we take pride in being India’s first mobile app security platform, offering a range of solutions to organisations for protecting their mobile applications. Our comprehensive approach addresses cyber threats, identity thefts, code protection, and online transaction security against fraud risks,” he said.

Exposing gaps

During the development of every app, a certain level of security is essential. Manish and his team observed that many companies, as part of their mobile app development processes, treated app security as a “checkbox activity” because they lacked the skilled talent and struggled to keep pace with the ever-changing security landscape.

“Security, inherently, demands continuous upgrades, a facet that often loses focus amidst the primary focus on mobile app development. We started consultations with numerous chief information officers (CIOs) and chief information security officers (CISOs) within the community. The challenge lay in the extensive research required for their development. Addressing the talent gap was imperative, given India’s predominant service-oriented mindset. Transitioning towards a product-oriented mindset necessitated the recruitment and nurturing of a diverse team, including both freshers and seasoned professionals. The market response was overwhelmingly positive, with numerous organisations, including those in insurance, banking, and stock exchanges, expressing keen interest. The initial goal was to swiftly onboard three to four companies, a target that was successfully achieved,” Manish said.

SIM binding

On the solutions offered by his platform, Manish said, “Through device and SIM binding, we establish a connection between the user, their device, mobile number, and SIM identification, creating a secure identity to prevent unauthorised access to your mobile application. Our approach aims to fortify the application against potential hacking attempts. In the realm of fraud and risk management, we provide a solution that conducts thorough analyses to distinguish between safe and fraudulent transactions. This real-time evaluation allows for immediate classification of transactions, all executed directly on mobile devices. Our suite of solutions includes a free to download B2C product named ‘MProtectt’, consisting of a mobile antivirus component and ‘MProtect Safe Security’, a feature dedicated to privacy concerns.”

Regulations

Some organisations have a perception that the responsibility for securing their app lies solely with the consumer device owner. However, this is not accurate, said Manish. “It is the organisation’s duty to ensure that their app remains impervious to potential breaches or compromises of the digital identity of their customers. This mindset disparity poses a challenge in certain instances,” he said.

“Recognising the critical importance of digital payment security, the Reserve Bank of India (RBI) has introduced guidelines known as Digital Payment Security Controls (DPSC). Currently, the Securities and Exchange Board of India (SEBI) is also in the process of formulating similar guidelines to safeguard the interests of consumers using trading apps. It is anticipated that other regulatory bodies will follow suit in issuing guidelines to address these concerns,” said Manish.

Key vulnerabilities

Privilege Escalation: In the era of the Internet of Things (IoT), where mobile apps control various aspects of our surroundings, a compromised mobile device could extend beyond personal security concerns. If a mobile device is compromised, there exists the potential for an attacker to gain control over it, leading to what is known as privilege escalation. For instance, an attacker could manipulate smart home devices like fans and lights through the mobile app, highlighting the broader implications of mobile device security in our interconnected world.

Screen mirroring: Screen mirroring is where certain apps replicate and transmit users’ activities to an external server without their awareness. In a noteworthy incident with a banking customer, the Protectt.ai solution identified numerous instances of screen mirroring, providing crucial protection. Previously, the consumer was unaware of such occurrences, emphasising the importance of proactive alerts from the banking app.

Rooted devices: Users might unknowingly compromise their devices by installing unfamiliar certificates or clicking on links that lead to the installation of unknown certificates. These network certificates can monitor both incoming and outgoing internet traffic on the device, allowing access to and potential interception of all data flowing through. One significant risk involves tampering with operating systems, commonly referred to as rooted devices, particularly prevalent in India.

Next moves

On future plans, Manish said, “As a part of our international expansion, we are initiating operations in Dubai, UAE, and the Gulf region next month. Following this, our plan involves entering the US market within the next three to four months. These strategic moves align with our global expansion goals and contribute to the ongoing development of our products. We have also established a dedicated research and development centre in Chennai. We also work with the Data Security Council of India. In the Indian market, we are actively engaging with the government, given our significant involvement in government-to-citizen apps. Recognising the substantial presence of over 800 government apps in India, we are exploring partnership opportunities.”
