Considering mobile app management? You should know about app immune systems from Metaforic. - Jack Madden -
Brian Madden Logo
Your independent source for desktop virtualization, consumerization, and enterprise mobility management.
Jack Madden's Blog

Past Articles

Considering mobile app management? You should know about app immune systems from Metaforic.

Written on Jan 15 2013 4,256 views, 2 comments

by Jack Madden

Last week I had a conversation with Dan Stickel, CEO of Metaforic. Metaforic is the creator of an “app immune system” product that’s designed to keep apps safe from attacks, regardless of the state of the environment in which they’re running. Today Metaforic is announcing that their immune system is now available for BlackBerry 10, in addition to the existing iOS and Android versions. Metaphoric app immune systems could advance the mobile app management (MAM) field considerably. Here’s how:

Where the discussion is today

In the security space at large, most people are concerned with trying to maintain computing environments that are as clean and as sterile as possible. Discussions revolve around things like firewalls, code signing, and application whitelisting. But since any environment is subject to contamination, the Metaforic approach is to create applications that don’t rely on their environment for security and can instead defend themselves against real-time attacks. This is especially important for publically available apps that run on potentially compromised systems, but even well kept environments could benefit from this extra layer of protection.

In the mobile space, application security has been focused on either securing devices or securing apps through authentication, remote kill switches, encryption, and VPNs. Metaforic adds a whole new layer to the equation by protecting against threats that most MAM products don’t address.

About Metaforic

Metaforic’s immune system is available for wide variety of server, desktop, and mobile operating systems, and works by inserting thousands or tens of thousands of “antibodies” into applications. The antibodies are small pieces of code that detect attacks in various ways, including through anti-debuggers, breakpoints, and making cryptographic hashes of short sections of the host app’s code, in order to detect changes. These are all well-established software protection techniques, but injecting so many of them into a single app makes real-time attacks extremely difficult. The antibodies can even monitor each other, and an attack can trigger a warning to a user or admin to shut down an app entirely. The system has the advantages that it doesn’t need network access to work and there’s no reliance on malware databases.

For mobile apps, Metaforic is integrated via a desktop toolkit. The toolkit does dynamic and static analysis then injects code before apps are compiled. Metaforic claims that there’s very little performance and storage overhead for treated apps.

What this could be

With the debate about whether or not to manage BYOD mobile devices still raging, there’s an obvious place for self-defending apps. But also consider that all mobile devices face threats unless they’re locked down to un-usable levels; not many users would consider allowing their company to turn off access to app stores, so any corporate apps on those devices are vulnerable. Metaforic would help in these situations. The other major use-case is for public facing apps; like banking apps.

An immune system certainly doesn’t replace the tools that come with mobile app management products, and can be used alongside them without any conflicts. But what would be great is if MAM vendors could license this technology to include in their SDKs and app wrapping tools. This is definitely something to keep an eye on.


Our Books


Harry Labana wrote re: Considering mobile app management? You should know about app immune systems from Metaforic.
on Tue, Jan 15 2013 4:46 PM Link To This Comment

You should also know about may involve less friction, although to be fair I have not taken a close look.

Jack Madden wrote re: Considering mobile app management? You should know about app immune systems from Metaforic.
on Wed, Jan 16 2013 1:17 PM Link To This Comment

Yeah, also interesting stuff. From another angle, though. I did a write-up last summer:

(Note: You must be logged in to post a comment.)

If you log in and nothing happens, delete your cookies from and try again. Sorry about that, but we had to make a one-time change to the cookie path when we migrated web servers.