Shift left critical to app security; Build38 raises €13M for trust development kit

Apps are perhaps the weakest link in enterprise security. The era of cloud computing and hybrid work has created an environment where apps are a core target for attackers. Research has found that 42% of organizations have experienced a security incident related to unpatched mobile apps or devices. 

However, more and more providers are emerging to harden app defenses against modern threat actors. One is mobile security and app monitoring provider Build38, which today announced it has raised €13 million as part of a Series A funding round led by Tikehau Capital. 

One of the organization’s main solutions, the Trusted Application Kit (TAK), is a software development kit designed to integrate with Android and iOS apps during the development phase to embed threat detection capabilities into the app. 

This funding suggests that shifting security left and embedding in-app protections early in the development process could hold the key to reducing the chance of threat actors exploiting end-user devices at the network’s edge.

Security by design is the way forward 

Build38’s announcement comes not just as cloud adoption continues to grow, but as more organizations confront the reality of threats that target not just endpoints at the network’s perimeter, but also users’ personal mobile devices in remote working environments. 

“In the cloud era, organizations are now aware of and vulnerable to attacks and threats originating from anywhere,” said Christian Schläger, Build38’s CEO. “Whether you’re a car manufacturer in China, a traditional commercial bank in Ghana or a fintech company in the UK, all companies are facing similar threats from attackers taking advantage of the fact that the ‘perimeter’ to penetrate an organization’s network no longer ends where the service provider decides.”

He continued: “Attackers can now reach any individual user right in their ‘pocket,’ simply from downloading an app from an app store.”

Build38’s in-app protection mitigates these threats by using AI to identify modifications, reverse engineering and code manipulation within the app. This can complement existing controls offered by Google Play and the App Store.

TAK also has the ability to generate events and forward the data to an external SIEM when an app acts suspiciously so that security teams can identify potential breach attempts. 

The mobile security market 

Build38’s tool falls within the mobile security market, which researchers valued at $3.3 billion in 2020 and project will reach $22.1 billion by 2030. This represents a compound annual growth rate (CAGR) of 21.1%. 

One of Build38’s main competitors in the space is mobile endpoint and application security provider Zimperium, which Liberty Strategic Capital acquired last year for $525 million. 

Zimperium’s tool provides run-time threat visibility, security, and compliance scanning, and can identify when a hacker attempts to tamper with an app. It also integrates with external UEM and XDR platforms. 

AppDome is another competitor, designed to secure Android and iOS apps with runtime protection, anti-debugging and anti-tampering capabilities. 

The main difference between Build38 and these competitors, Schläger says, is that it combines “a client-based solution (which makes the app ‘self defending’) with a backend component for observability, allowing organizations to monitor and fight against threats in real time, and provides threat reporting for their teams.”