Pega Mobile Advanced Security on Device
Hi
We have some security-related questions to clarify from Pega. Please confirm whether the below requirements can be done in Pega Mobile Application.
1. The app detects and responds to, the presence of a rooted or jailbroken device either by alerting the user or terminating the app.
2. The app prevents debugging and/or detects and responds to, a debugger being attached. All available debugging protocols must be covered.
3. The app detects, and responds to, tampering with executable files and critical data within its own sandbox.
4. The app detects, and responds to, the presence of widely used reverse engineering tools and frameworks on the device.
5. The app detects, and responds to, being run in an emulator.
6. The app detects, and responds to, tampering the code and data in its own memory space.
7. The detection mechanisms trigger responses of different types, including delayed and stealthy responses.
8. Obfuscation is applied to programmatic defenses, which in turn impede de-obfuscation via dynamic analysis.
Pegasystems Inc.
PL
Hi @Sutharsan,
tampering and Dynamic Analysis Prevention is not done by the Pega Mobile Client. There are no OOTB features available to meet these requirements. For customers distributing their apps using the enterprise model, Pega recommends hardening the MDM policies where applicable to achieve some level of anti-jailbreak protection. In such a case, the appropriate setup may allow addressing some of the points you mentioned.
Thanks,
Mateusz