What makes Yahoo keen on SSL pinning?

A new toolkit can finally help prevent eavesdropping on mobile apps' data connections, and help developers implement a technique that has so far been time-consuming to put in place

Pratima Harigunani

LAS VEGAS, USA: Yahoo is joining hands with Data Theorem, a provider of mobile app security, to unveil a new open source security toolkit that, they say, helps developers easily add a complex mobile security function, known as SSL pinning, to any app.

SSL pinning is being touted as a step developers can take to ensure eavesdropping cannot occur on data connections on their mobile apps, by making sure the client checks the server’s certificate against a known copy of that certificate. While the concept is well known, it has traditionally been difficult and time-consuming to implement.

“SSL pinning often goes overlooked when developers are designing mobile apps for scale, but it is crucially important to the security and privacy of communications on billions of mobile devices,” said Himanshu Dwivedi, CEO of Data Theorem. “With this new, open source toolkit, we are making it simple to significantly upgrade the security and privacy of every mobile app, and all of its communications.”

With the release of iOS 8, Apple relaxed its rules on how code can be packaged within an iOS app. Previously, all code had to be statically linked into the app's binary. Apple now allows third-party frameworks and libraries to be embedded in an app's package and dynamically loaded at runtime as needed. This gives mobile and security engineers new opportunities to improve the security of apps during development. Developers can now take advantage of this functionality and use a new open-source library that leverages these mechanisms.

TrustKit provides “drag and drop” SSL public key pinning and can be deployed within an app in a matter of minutes, without having to modify the app’s source code.
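
An added illustration of the check described above, not TrustKit's code or anything published by Yahoo or Data Theorem: it pins the SHA-256 of a certificate's SubjectPublicKeyInfo and shows that a reissued certificate with the same key still matches the pin, while a certificate for another key does not. The function names and sample certificates are constructed for this example; the certificates are unsigned skeletons, and a real client applies this comparison in addition to normal chain validation.

```python
import base64
import hashlib
def der(tag, content):
    assert len(content) < 0x80  # short-form length is enough for the samples
    return bytes([tag, len(content)]) + content

def read_tlv(buf, off):
    """Return (tag, content_start, end) of the TLV at off, rejecting bad lengths."""
    tag, n, start = buf[off], buf[off + 1], off + 2
    if n & 0x80:  # long form: low 7 bits give the number of length bytes
        k = n & 0x7F
        if not 1 <= k <= 4:
            raise ValueError("unsupported DER length")
        n, start = int.from_bytes(buf[start:start + k], "big"), start + k
    if start + n > len(buf):
        raise ValueError("truncated DER")
    return tag, start, start + n

def spki_of(cert):
    """Extract the SubjectPublicKeyInfo TLV from a DER X.509 certificate."""
    _, c_start, _ = read_tlv(cert, 0)          # Certificate SEQUENCE
    _, off, tbs_end = read_tlv(cert, c_start)  # TBSCertificate SEQUENCE
    fields = []
    while off < tbs_end:
        tag, _, end = read_tlv(cert, off)
        if tag != 0xA0:                        # skip the optional [0] version
            fields.append(cert[off:end])
        off = end
    return fields[5]  # serial, sigAlg, issuer, validity, subject, then SPKI

def pin(data):
    return base64.b64encode(hashlib.sha256(data).digest()).decode()

def connection_allowed(cert, pinned_spki):
    """Pin check only; a client applies it in addition to normal chain validation."""
    try:
        return pin(spki_of(cert)) in pinned_spki
    except (ValueError, IndexError):
        return False  # unparseable certificate: fail closed

def sample_cert(serial, key):  # constructed, unsigned X.509-shaped skeleton
    seq = lambda *parts: der(0x30, b"".join(parts))
    spki = seq(seq(der(0x06, b"\x2a\x86\x48\xce\x3d\x02\x01")), der(0x03, b"\x00" + key))
    tbs = seq(der(0xA0, der(0x02, b"\x02")), der(0x02, bytes([serial])), *[seq()] * 4, spki)
    return seq(tbs, seq(), der(0x03, b"\x00"))

ORIGINAL = sample_cert(1, b"\x04" + b"\x11" * 64)  # certificate at app release
RENEWED = sample_cert(2, b"\x04" + b"\x11" * 64)   # reissued later, same key pair
FOREIGN = sample_cert(3, b"\x04" + b"\x99" * 64)   # certificate for another key
PINS = {pin(spki_of(ORIGINAL))}                    # pin set shipped in the app
```

A pin taken over the whole certificate, `pin(ORIGINAL)`, differs from `pin(RENEWED)`, so an app pinned that way would reject the reissued certificate until it was updated.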
