Security for consumer apps
Consumer software can take any form: from the most-downloaded social network apps to niche developer tools. B2C companies operate in a tight space: they need to understand customers' goals and needs; they are responsible for sensitive data; they need to respect GDPR, CCPA, COPPA, and prevent data leaks.
Consumer app security is a mix of protecting users' data against prying eyes, and at the same time protecting the product against users' actions.
Typical challenges for consumer apps’ security
Lots of data
Consumer apps collect tons of data: PII, analytics, behaviour information. Losing or misusing this data is a viable business risk in the light of the ever-growing list of breaches.
Minimum lovable product
Consumer apps have a strong emphasis on UI and interactions, so security measures should not break UX or frustrate users.
Massive adoption invites malware
API misuse, app cloning, bots, payment fraud – popularity makes apps an attractive target for curious and malicious users.
Security hinders growth
B2C companies work better by constantly analysing users’ behaviour. Still, at the same time, they should respect privacy (GDPR, DPB, Consumer Data Privacy Laws), process as little PII as possible, and comply with regulations.
Modern solutions
E2EE and Zero knowledge architectures
End-to-end encryption comes in handy when developers don’t want to have access to users’ data at all. Encrypt data on the application side for a user, process and store it encrypted, and decrypt it only for the target user.
Strong product security
Intrusive security measures, tolerated in the B2B space, won’t work for B2C apps. End users value security but prefer it to be transparent. Security measures should work without a need to configure or enable them.
Security tooling
Not every app needs E2EE. It’s possible to create a privacy-respectful and secure app by combining specific security measures: protecting stored data and tokens, protecting API, using strong authentication, notifying and educating users.
Our offerings
// Relevant products
Acra
A DATABASE SECURITY SUITE
Themis
A CROSS PLATFORM CRYPTO LIBRARY
// Custom design and implementation
“Your data is always yours”
Specialized security controls
Multi-platform security
// Consulting
SSDLC
Auditing and reviewing
Security engineering
Have a question? Get a human to answer it!
How we make a difference
Experience in massive scale systems
Our solutions are developer-friendly, hard-to-misuse and built to scale with your business, not to constrain it.
Security customised for your use case
We cater to your specific use case. Our solutions create a separate security layer without significant design interventions and seamlessly integrate into your web and mobile apps.
Product / UX security expertise
We assist you in designing security controls that work transparently for users, and in educating users about the value your app’s security brings to them and how they can benefit from it.
Combining compliance and practical security
We help you achieve better compliance with privacy regulations and standards (ETSI EN 303 645) without limiting the usability or breaking the UX.
Our mission is simple.
We help you focus on serving your customers better, while relieving your team of security engineering pains and making your users confident that their data is safe with you.
Contact us
There are many ways we can help: with our products, bespoke solutions, and engineering services. Leave your contact information to connect with our team:
Relevant blogposts
Introduction to automated security testing
Keep your code shipshape and reduce vulnerabilities with automated security testing. Delve into ways and tools of software security testing that developers and platform engineers can set up and automate to make apps more secure.
React Native app security: Things to keep in mind
React Native security: What developers and team leads need to know. Handle risks and threats, prevent typical security mistakes, follow best engineering practices — learn from our experience.
React Native libraries: Security considerations
How to select a secure React Native library for your app. Sort out improper platform usage, easy to misuse API, deprecated and abandoned libraries.