Our code is verified and validated at various stages of development to assure quality. We use ProGuard to obfuscate the code so that it resists reverse engineering. Code hardening, code signing, and FindBugs are then used to test it repeatedly.
With active tamper-detection deployed, we make sure that the code does not function at all if modified. It even sets off alerts when someone tries to tamper with the code or inject malicious code.
Ensure that applications can request only the minimum privileges required for them to function. We help design applications with optimum network connections and usage permissions to minimize risks of misuse and unwanted information exchange.
Encrypt every single unit of data that is exchanged over any app. With such data encryption practices in place, even if some data is stolen, the probability of a security threat or misuse is nil.
Implement stringent authentication rules wherein only strong alphanumeric passwords that are renewed every three or six months are accepted. In the case of sensitive apps, leverage biometric authentication such as fingerprints.
“Sessions” on mobile last much longer than on desktops. This makes session handling harder for the server. That is why Infinite uses tokens instead of device identifiers to identify a session. These tokens can be revoked at any time, making them more secure in the case of lost or stolen devices.
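The token-based session handling described above can be sketched as follows. This is an added example, not Infinite's own code; the `SessionStore` class, its method names, the in-memory dictionary and the sample user and device labels are all assumptions made for illustration.

```python
import hashlib
import secrets
import time


class SessionStore:
    def __init__(self, ttl_seconds=30 * 24 * 3600):
        self.ttl = ttl_seconds
        self._sessions = {}  # sha256(token) -> session record, kept server-side

    @staticmethod
    def _digest(token):
        # Store only the hash so a leaked session table yields no usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user, device_label, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # random, not derived from any device ID
        self._sessions[self._digest(token)] = {
            "user": user, "device": device_label, "expires": now + self.ttl}
        return token

    def validate(self, token, now=None):
        """Return the user for a live token; None if unknown, revoked or expired."""
        now = time.time() if now is None else now
        key = self._digest(token)
        record = self._sessions.get(key)
        if record is None:
            return None
        if record["expires"] <= now:
            del self._sessions[key]
            return None
        return record["user"]

    def revoke_device(self, user, device_label):
        """Drop every session of one device, e.g. after it is reported lost."""
        doomed = [k for k, r in self._sessions.items()
                  if r["user"] == user and r["device"] == device_label]
        for k in doomed:
            del self._sessions[k]
        return len(doomed)


def demo():
    store = SessionStore(ttl_seconds=3600)  # constructed sample data below
    phone = store.issue("alice", "phone", now=0)
    tablet = store.issue("alice", "tablet", now=0)
    revoked = store.revoke_device("alice", "phone")  # phone reported stolen
    return (revoked, store.validate(phone, now=10), store.validate(tablet, now=10),
            store.validate(tablet, now=3600), store.validate("phone", now=10))
```

Revoking the stolen phone leaves the tablet's session untouched, and the device label by itself never authenticates a request.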
Infinite never hard-codes any keys, to avoid code breakage. We never store keys locally on the device; we keep them securely in containers. Some widely accepted cryptographic algorithms like MD5 and SHA-1 are used along with trusted APIs, such as 256-bit AES encryption with SHA-256 for hashing.
Infinite invests in penetration testing, threat modeling, and emulators to continuously test the apps for vulnerabilities. We fix those with each update and issue patches whenever required.