Over last decade, smart-phone usage has sky-rocketed to an extent of becoming a trend followed by seemingly every person you pass by on a street. Even mobile platforms like Android, iOS, Windows, BlackBerry, etc. are in a race to attract maximum number of users. Most users rely on their smart-phones for social interaction, private conversation, online shopping, e-banking and other similar tasks.
However, with the increase in the use of smart-phones, cyber attackers have upgraded their standard attacks on websites to hijacking or hacking smart-phones to steal users’ identity credentials, phone data and other sensitive information stored in the device. Therefore, it is very important for developers of mobile applications/software to develop more complex and trustworthy applications using digital technology.
After developing applications/software, it is very important to secure their codes and scripts to prevent attackers from tampering the application. To secure code, developers need to use Code Signing certificates, which are offered by trusted certification authorities (CA).
Code Signing certificates enable developers to sign executables and scripts to verify their identities before distributing them on the Internet.This guarantees to the user that the code or the application has not been altered since it was signed by the author using cryptographic hash function.Trusted root CAs sign these certificates using Public Key Infrastructure (PKI).
It has been found that, when a software or an application is signed using a Code signing certificate, it achieves more downloads on the Internet. The reason being that code signing shows confirms the author’s identity, which users find trustworthy enough to download from the Internet.
Code signing increases users’ trust in following two ways:
Code Signing Certificate Path
Code Signing certificate is verified in following chain of CAs.
Users can know the details about the application or software being downloaded by having a look at the warning window generated during the process. On this, the users can find the author’s name and website included, which helps them decide about the authenticity of the application or software.
It can be explained with an example of an executable file iTunesSetup.exe.See Figure 2. In the pop-up window, one can find the publisher’s name as Apple Incalong with Apple’sofficial website.
To sign a piece of code, the author has to perform following steps:
Verification of the application/ software at the users’ end:
Most of the steps mentioned above are handled by the users’ Operating Systems automatically.
Software developers and publishers using any of the above mentioned platforms can use Code signing certificates to reduce the unusual error messages or window pop-ups that stops customers to go forward with downloading the application. Absence of such windows boosts users’ confidence in the authenticity of the application.
With Code signing certificates, developers can distribute their codes, applications and software on the Internet. Safe enough for the users to download it without worrying about the author’s identity or the software’s authenticity.