A Peek Under the [Data] Hood: DNS Security is Now Available for Mobile Devices


By Will Chow, Mobolize | CTO, Co-Founder

Modern mobile operating systems have done an excellent job of protecting users from harm. But like many things, this is a case of good news and bad news. The good news is that app stores prevent most bad apps from getting onto the device, and app sandboxing limits the damage from bad apps that happen to sneak into the app stores.

The bad news: app sandboxing. The same security mechanism that prevents a bad app from accessing the data of other apps has also literally boxed out traditional security apps from being able to detect these bad apps. This means that if an app sneaks past the Google or Apple review process, we can be pwned. Unfortunately, this has occurred far too many times, not just with Android (e.g., Stagefright exposed >1 billion devices to takeover via a single MMS), but also with iOS (e.g., the XcodeGhost trojan horse found in >4000 apps). These attacks will continue because the rewards are simply too great and, frankly, Google and Apple need help.

The solution? Guard the “front door” of a device with DNS security. After all, when an iPhone or Android device is first turned on, it is new and clean (of any malware), and the only way it can be infected is through the Wi-Fi or cellular network. For decades, malware and phishing attacks have been effectively blocked on PCs by using a “filtering” DNS provider that detects malware, phishing sites and other undesirable content before they can be downloaded to a computer. The problem is that one can’t just point a mobile device at the filtering DNS provider of choice, since DNS settings are also locked down, ostensibly to prevent malware from changing a device’s DNS. But this also prevents users from enabling the DNS protection service of their choice on their own device.

Well, we at Mobolize have an app for that, and this little app (e.g., just 6 MB on Android) contains our patented Data Management Engine that enables our partners to seamlessly connect their cloud-based services, such as a filtering DNS protection service or Secure Web Gateway (SWG), to any mobile device. By hooking into the network stack using our SmartVPN® technology, our engine has the unique advantage of handling all IP packets on Wi-Fi and cellular traffic without needing a VPN server, and can thus support any internet protocol, including TCP, UDP and DNS.

That means the Mobolize Data Management Engine enables our partners to provide a wide range of services, such as encrypting traffic on public Wi-Fi networks, reducing data consumption on cellular networks, and (back to the topic of this blog) protecting users from malware and phishing sites.

Because of this ability, the Data Management Engine becomes a smart data traffic manager that ensures the best connectivity and security on mobile devices, including the ability to leverage third-party DNS protection services or SWG threat and DLP scanning. By routing all IP traffic through our engine, intelligent packet-level decisions can be made regarding malware, phishing and inappropriate content filtering at a fine-grained level that provides real protection against threats on mobile devices.


A major advantage of our seamless integration into the mobile device’s network stack is that it provides protection for both native apps and web browsing across all user activity on any cellular or Wi-Fi network, supporting both standardized protocols (i.e., DNS over HTTPS or TLS) and proprietary protocols used by our partners. Another major advantage is that no MDM is required, so protection is extended to all types of users, thus allowing enterprises to protect BYOD devices and carriers to protect consumer devices.

With this new approach, our partners now have the ability to bring their SWG or DNS services to the mobile world. One example, in partnership with Akamai, is CIRA Canadian Shield, offered by the Canadian Internet Registration Authority (CIRA). It’s a free DNS protection service that provides online privacy and security to individuals and families across Canada.

With CIRA Canadian Shield, Mobolize is the first company to bring a full-featured DNS protection service to the everyday mobile user. The user can select the protection level they want, from a simple private DNS service without blocking to DNS blocking of malware, phishing or objectionable content.
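To make the filtering decision concrete, here is an added example (not code from Mobolize, CIRA or Akamai) of how a DNS filter can apply selectable protection levels to a query in wire format. The tier names, the category feed and the choice of NXDOMAIN as the block response are assumptions made for illustration.

```python
import struct

# Constructed category feed; a real service would load threat intelligence here.
CATEGORIES = {"malware-c2.example": "malware",
              "login-verify.example": "phishing",
              "adult-site.example": "objectionable"}
# Hypothetical tier names for the three protection levels described above.
TIERS = {"private": set(),
         "protected": {"malware", "phishing"},
         "family": {"malware", "phishing", "objectionable"}}

def build_query(name, txid=0x1234):
    """Build a constructed A/IN query with RD set, as a stub resolver would."""
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split("."))
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + b"\x00\x00\x01\x00\x01"

def parse_qname(packet):
    """Return (lower-cased name, offset just past the question section)."""
    if len(packet) < 12 or struct.unpack("!H", packet[4:6])[0] != 1:
        raise ValueError("expected a DNS query with exactly one question")
    labels, pos = [], 12
    while pos < len(packet) and packet[pos] != 0:
        length = packet[pos]
        if length > 63 or pos + 1 + length > len(packet):
            raise ValueError("bad or truncated label")  # also rejects compression pointers
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii").lower())
        pos += 1 + length
    end = pos + 5  # root label byte + QTYPE + QCLASS
    if end > len(packet):
        raise ValueError("truncated question")
    return ".".join(labels), end

def category_of(name):
    """Suffix match, so subdomains inherit the category of a listed parent."""
    parts = name.split(".")
    for i in range(len(parts)):
        cat = CATEGORIES.get(".".join(parts[i:]))
        if cat:
            return cat
    return None

def filter_query(packet, tier):
    """Return (verdict, reply); reply is an NXDOMAIN answer when blocked, else None."""
    name, end = parse_qname(packet)
    cat = category_of(name)
    if cat not in TIERS[tier]:
        return "forward", None  # caller relays the query to the upstream resolver
    flags = 0x8083 | ((packet[2] & 0x01) << 8)  # QR=1, RA=1, RCODE=3, RD copied
    header = packet[:2] + struct.pack("!HHHHH", flags, 1, 0, 0, 0)
    return "block:" + cat, header + packet[12:end]
```

Because the name is matched case-insensitively and by suffix, a query for a mixed-case subdomain of a listed domain receives the same verdict as the listed domain itself.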

Now, the Mobolize Data Management Engine not only enhances and optimizes your mobile’s network connection, it also provides the best – and only – platform for extending the next generation of security services to the mobile device. That’s smart. Mobolize smart.
