TEE Provides Safe Environment for Secure Android App Development
Allen Storey in Android, Monday, March 23, 2015
Despite powering the majority of the world’s smart devices, Android has long been seen as the weak link in terms of mobile security. The open nature of the platform offers versatility and flexibility to app developers and the result is an incredibly diverse range of apps. However, it does mean that applications and their associated content are vulnerable to malware, man-in-the-browser and other forms of software-based threats.
The reality is that while developers love Android, the security questions surrounding the platform mean consumers and enterprises are understandably wary; particularly when it comes to using apps requiring personal data.
The ideal would be to retain the flexibility of Android, but have the power to build customer trust; this would offer consumers and developers the best of both worlds. It would give them dependable security – a priority for customers following the barrage of cybersecurity attacks in 2014, which highlighted the need to protect personal data.
The Trusted Execution Environment
The Trusted Execution Environment (TEE) does precisely this. The facility has been devised by Trustonic to offer a safe and secure area for apps containing and dealing with critical data. It is built into over 350 million Android devices at the point of manufacture and is the most secure place in the handset. The TEE acts as an ‘on-board safe’ for trusted apps, keeping its contents completely separate from the main Android OS. Apps deployed to the TEE remain locked away and safe from whatever else may be present on the handset, making it the ideal place to store sensitive data.
The TEE is embedded into the device as part of the chipset design at manufacture. This ‘built-in’ secure area is cryptographically protected for the lifetime of the device, ensuring that trusted applications running within it benefit from a hardware level of security.
For app developers, this ‘Android Nirvana,’ a haven from malware and security headaches, is accessed by means of a TAM (Trusted Application Management) service. The TAM loads trusted applications into secure containers within the TEE. Each container is a secure area within the TEE, ensuring trusted apps are protected not only from anything running within the Android operating system, but also from other trusted apps within the TEE.
A TAM service ensures that trusted apps are securely loaded by an authorized service, ensuring app integrity during the loading process. A key benefit of a TAM service is the ease of use it provides, both to the app vendor who does not have to worry about secure app loading, and the end user, to whom the trusted app loading process is transparent.
The TEE allays the security fears app developers have when using the Android platform. Enterprise data protection, Bitcoin wallets, financial apps and secure voice are examples of applications requiring the security assurances the TEE can offer. For those developing apps for banks and financial institutions, being able to ensure that financial data is isolated from potential attack is a real advantage.
It isn’t just banks that can benefit from having apps developed to execute in the TEE; BYOD is fast becoming one of the biggest security issues for enterprises. In ensuring that critical enterprise software is protected by the TEE, a company can be sure that corporate data does not bleed into the hands of hackers through other apps on the device.
Consumers are no longer oblivious to the risks prevalent in the modern digital age and are hesitant to disclose personal data without being certain of its safety; recent research from Intercede showed 44% of US consumers would never use mobile banking services. For customers, apps which make use of TEE technology give them peace of mind and present app developers with the opportunity to build an important bridge of trust between themselves and their users.
In 2008 the iPhone slogan was “There’s an app for that,” and on Android in 2015 there are likely 100 apps for that. App developers must stand out from the crowd, and offering a service that customers can trust is an ideal way to do just that. Having an app which makes use of the TEE says to customers, ‘We take your privacy and personal data seriously’ and is a real selling point.
Read more: http://www.intercede.com/
This content is made possible by a guest author, or sponsor; it is not written by and does not necessarily reflect the views of App Developer Magazine's editorial staff.