Mobile App Security Toolkit (MAST)

Today, many iOS apps are unprotected. Whether the code’s security was incomplete at launch, or the user’s device carries malware, proprietary data such as algorithms, content, and crypto keys are vulnerable to reverse engineering, runtime tampering, and the jailbreak environment.

That’s where MAST can help. Developed as a part of DARPA’s Cyber Fast Track, it offers iOS app developers a degree of security that is normally the domain of industry experts. Without modifying the source code, MAST bakes in dozens of novel software protection techniques.

Using the LLVM compiler infrastructure as a platform for mobile software obfuscation and protection, MAST exists as several whole program transformations. It encrypts sensitive code and diffuses it among myriad ‘dead ends,’ making static analysis a months-long task. To evade runtime tampering, MAST embeds checks that set off alarms when tripped, and prevents attackers from inspecting the code. Finally, since apps can’t trust a jailbroken environment, MAST helps them know when to turn off and stay off.

The result: the app behaves as a black box: data goes in and comes out, but no one can see how it works. Not reverse engineers, software pirates or competitors.

When those bad actors change their tactics, MAST will respond. That’s because we monitor for new threats continuously. Every update of MAST -once recompiled into its host app- breaks attackers’ newest tools immediately, setting them back to zero.

Next Project