Five of them were selected with one lucky winner. Once again, the startup competition organized during the PwC Cybersecurity Days was a great success and the solutions chosen are, in themselves, of the greatest interest. In the end, Build38 won the jury’s vote with its security solution for mobile applications. We spoke to co-founder and CEO, Christian Schlaeger.
Photo: Chrisitan Schlaeger, co-founded Build38 with eight friends / Credits © Build38
Tell us more about Build38?
Build38 was founded by 8 friends back in 2018 all coming from cyber security and mobile security backgrounds because we think that all people have a right to data privacy preserving mobile lifestyles. In contrast to looking at the device and trying the old AntiVirus software play we think it must be the app that secured the data. Because a service provider also has the benefit of a secured app he is willing to invest in mutual privacy and security.
What is your solution about?
The Build38 Trusted application Kit (T.A.K) secures any app on iOS and Android fighting fraud attempts, attacks and data breaches. It contains 3 dozen security features to protect the app even if you have an untrusted or malware infected device by using the TOFU principle. TOFU – Trust on First Use together with the Shift-Left Security paradigm (doing good software right from the start!) creates a delf-defending app and a trusted environment for mobile business and modern lifestyle.
Our solution is attractive for customers. For the app provider it secures communication, IP, provider data and compliance. And for the developer, it saves time on resources. Last but not the least, it also saves the GRC team and CISOs SOC and fraud costs by hardening the app. However, if push comes to shove – the Build38 portal gives them the means to fight back individually and forcefully.
“We are growing in the digital health space and want to extend our solution there as well as in the European automotive and banking industries”.
What are the main security threats on mobiles?
Firstly, in B2C use cases it is usually a malicious / data feeding 3rd party app that steals your identity and data out of a legit app. You might not be aware of it but you are having a spy on your phone that breaches your confidentiality with another app provider.
Second, as soon as you publish an app in the app stores you get attackers trying out how to break your app: for them it is ideal because if you are not secured (by us) you leave your API access, identity mechanisms and IP out there in the open for everyone to take advantage of. What we detect after every release are numerous debugging and emulator attacks trying to steal information and code out of these apps. By now you have an industry of rogue apps meaning look-a-like apps that you download thinking the are genuine but in reality they steal your identity and much more. These rogue apps are used for Fraud. As soon as you reach a certain download size or you have something valuable to offer, you will get attacked.
Who are your clients? What are their needs?
Our clients come from the financial, transport, digital health, automotive and the identity industries. apps are a global success and so are the problems. We have customers from China to Catalonia with different use cases but all of them are facing a strong enemy in attacks and data leeches attacking their business models.
To what extent has the crisis amplified cybersecurity risks?
While the attack vectors have not changed much, with the digital becoming the new normal, the attack space has grown. We see a lot more transactions in the mobile business space with attackers trying to make the most out of it. We estimate that 30% of transactions in the mobility industry are fraudulent.
Apart from that getting as much data as possible out of devices and other, apps have increased. apps steal data from other apps to enhance the digital data set one has of you. This violates GDPR of course but it also violates our basic understanding of privacy and data ownership.
What’s next for Build38?
Build38 is a deep tech scale up looking for the next growth stage.
Buzzwords aside: we have the right tech and the right product market fit. Customers understand why they need us and what is the benefit of our solution in comparison to the competition or doing nothing. We are growing in the digital health space and want to extend our solution there as well as in the European automotive and banking industries using our experience in China and Asia to enable new business models here as well. 2021 will be a key year for us growing commercially with the new ideas we have developed since March – stay tuned!
PwC Cybersecurity Days 2020 – Podcast Series – A talk with the finalists from PwC Luxembourg on Vimeo.
