The future of app security
Trusted user interfaces (TUIs) are the next big step in ensuring safety and security for critical mobile apps. Beyond calling, chatting, and accessing the Internet, our smartphones have become a primary channel for virtually all online services.
The trusted user interface feature allows an application to interact directly with the user through an ordinary display and touch screen, isolated from the device’s primary operating system.
Making payments is an obvious example; accepting payments with mPOS (mobile point-of-sale) smartphones applications are becoming increasingly significant. As are applying for loans, obtaining and using travel tickets, and many other use cases. Even automakers see the possibilities of using their phones as the key to their cars, not only because it’s already in the pockets, but because it enables new use cases, such as car sharing.
TEE with TUI = The most comprehensive security solutions for apps
Trustonic’s app security solution is a set of tools that enables application writers to develop applications that use the most robust security available on most Android smartphones.
Trusted Execution Environment (TEE) is a wholly secure environment that runs outside the Android operating system and is protected at the hardware level by the same CPU that governs the entire system.TEE is a surprisingly little-known feature, despite being present in almost every smartphone. The TEE takes advantage of all the essential Android and OEM services: Keymaster, biometric unlocking, Samsung Knox, Samsung Pay, and many more.
Trustonic’s app security TEE implementation is the most prolific in the global market, and Beyond Technology can help you implement it in your apps and systems efficiently.
In many smartphones, this crucial (but almost invisible) secure subsystem has a surprising trick up its sleeve, which is about to make the TEE much more visible to everyday smartphone users.
Safeguarding the user and interacting with the user in an OS isolated environment
When developers use TUI correctly as an essential part of the app security system as part of an application’s UX, it can temporarily control a smart device’s screen and touch sensors at the hardware level, providing a trusted user interface (TUI).
It is a UI feature in the developer’s toolbox that is especially valuable during security-sensitive human interactions because malware cannot attack over the primary operating system. The Android OS does have no access to the hardware while the TUI is active, which means that malware cannot capture the screen or simulate touches, even if the phone is rooted.
TUI is a great security feature for apps, even if it has been hard to use. The APIs provided are low-level: start, stop, image blit, detect touch. No widgets, no fonts, no text, no OpenGL. In practice, TUI was accessible to the few expert developers, researchers, and cybersecurity companies like Trustonic that were at the forefront of new developments.
With the latest security release for Trustonic apps, this has changed. TUI user interfaces now it is possible to create using the new Layout Manager feature. It is a simple XML-based layout language, similar to Android or HTML layout. For example:
- Layout Manager’s XML language is straightforward but hides a lot of power. There is full support for True Type and Open Type fonts (ensuring that an attacker cannot fool the user by replacing font resources), internationalization, buttons, menus, scrolling text, and animation. As with a modern web browser, the user interface is represented as a document objects model (DOM), allowing the application code to manipulate it as it sees fit, from simple examples such as pin pads, full keyboards, scrolling text, and images, to anything else.
- While this app security solution provides all the necessary tools for rich design manager UI with products defined in XML, there is also the availability of a graphical editor to create these UI. It allows simple copy-and-paste editing and simulates the trusted user interface directly in a web browser.
Layout Manager is compatible with all phones that ship with the ‘low-level’ TUI APIs, for example, in the Samsung range, from the Samsung S6 onwards. It allows Trustonic’s app development partners to utilize TUI, and VW has led the way, securing digital key sharing for its cars using TAP and TUI.
The last few years have seen a steady increase in the understanding of TUI and its benefits in experimenting with TUI-protected interactions. Support for TUI is rapidly expanding to more device manufacturers and smartphone models and the application development community at large.
Implement the latest security technologies for apps
We believe that protecting critical, sensitive, and valuable interactions between users and their smartphone screens and keyboards is ready to shift rapidly towards the Trusted User Interface technology. That’s why we offer a whole set of tools and platforms from which your company and developers can take advantage. Get in touch now to learn more about the wide range of specialized resources to ensure the app security your company develops, what your users or potential customers expect.
