How do you store your app data?

Mobile devices are increasingly used for security-sensitive activities such as online banking or mobile payments. This usually involves cryptographic operations, and may introduce challenges related to securely storing data on the device. At the same time, attacks and exploits on mobile devices continue to mature in sophistication. So, what are your options?

  • Store data unencrypted: You can store data unencrypted, but it’s not advisable for sensitive data.
  • Roll your own: You could "roll your own" by storing crypto keys in plain text in your application code. However, using plain text means there is limited protection for a user’s run-time data.

  • Whitebox crypto solution: You could implement a stand-alone whitebox crypto solution. This is, however, complex, time-consuming and costly. A whitebox solution is comparable to building a safe deposit box from scratch. Why not buy one in-store?

  • Hardware backed storage: You could choose hardware backed storage. However, not all devices have the necessary hardware components to support this. In addition, if your app or the end-user device is compromised (rooted/jailbroken), sensitive data could potentially leak.

  • Secure Local Storage (SLS) by YESsafe AppProtect+: A state-of-the-art security feature that provides the ability to store app secrets locally on the end-user device in a secure manner. Compared to other solutions, SLS by YESsafe AppProtect+ is unparalleled in terms of simplicity and user-friendliness, while ensuring the security of your data.

Secure local storage made easy!

All data stored using Secure Local Storage (SLS) by YESsafe AppProtect+ will be encrypted according to the latest standards and recommendations and protected by YESsafe AppProtect+’s proven security technology. The feature is fully self-contained and does not rely on device functionality (such as keychains) to provide secure storage of sensitive data. The encryption keys used are never stored on the device or added to the static code of the app; they are dynamically generated on the device, protected by YESsafe’s whitebox backed solution. This further ensures that the data is device-bound and cannot be copied to a different device.

Why Secure Local Storage (SLS) by YESsafe AppProtect+?

  • Easy to integrate: Reference code and well-defined APIs are provided.

  • No crypto knowledge required: As an app provider, you don’t have to deal with crypto complexities. This is time-consuming and often cumbersome.

  • State-of-the-art RASP: The feature uses YESsafe AppProtect+ to protect app secrets when used in an unencrypted state.

  • Cross-platform: SLS by YESsafe AppProtect+ is offered as an extension on Android, iOS and Windows.

Protect your API keys, Certificates, and Other Fixed App Secrets

Often, your app will have fixed secrets such as certificates or API keys that you need for the security of your app’s operation, but you’d rather not have them easily extracted from your app.

Hardcoding app secrets directly into the application assets or source code, and potentially relying on obfuscation methods for security, is a common strategy for many app developers. This is, however, not enough to properly protect your secrets, and hackers can easily retrieve them by reverse engineering.

  • Did you know?

    Mobile health apps leak sensitive data through APIs, a report finds. The 30 apps that were hacked collectively exposed 23 million mobile health users to attacks. Of the 30 apps, 77% contained hardcoded API keys and 7% had hardcoded usernames and passwords.

    According to Gartner, hardcoding API keys or other credentials in web and mobile applications is one of the four most common API vulnerability paths, and the method makes such secrets subject to decompiling attacks.

Unique Solution to a Difficult Challenge: Secure Application ROM (SAROM)

Secure Application ROM (SAROM) offers a simple-to-use solution to a challenge that is difficult to solve on any mobile platform: protecting specific assets in a published app. It suits a number of use cases where sensitive data must exist in the published app.

  • Protects TLS Certificates

  • Protects API Keys

 

Shielding and protecting an application with YESsafe AppProtect+ is an automated process easily done with our implementation tool, Shielder. With the SAROM API, your application can dynamically retrieve data which is encrypted by Shielder during Shielding. All data stored using this feature will be encrypted according to the latest standards and recommendations.
