Code Signing – trusted providers sign their applications
October 25, 2023
Proper code signing will be a key security factor in the era of modular architecture popularity. Certum experts from the Asseco Group have no doubt about this.
Gartner analysts point to the security of composable architecture as one of the most important technology trends. Organizations want to respond more efficiently to market changes and customer expectations. Therefore, they are increasingly creating applications using ready-made modules, replacing previously used monolithic systems. This allows them to deliver solutions to the market faster and thus provide a competitive advantage. By 2027, more than 50 percent of key business applications will be built using a composable architecture.
What is code signing?
Certum Code Signing Certificates enable the digital signing of applications, drivers and programs, thus certifying their authenticity. Furthermore, they allow determining whether third parties have made changes to the code since the signing, as there are cases when cybercriminals attempt to obtain Code Signing certificates for use in malware campaigns. Fortunately, detailed international standards effectively deter and prevent such actions.
Signing applications and the battle for customers
The increasing popularity of Code Signing Certificates is related to the intense competition in the application market, where the delivery time of innovative products that meet consumer expectations matters. This is particularly evident in the mobile application market. According to "The State of Mobile 2023" study, the number of downloads of mobile applications reached 255 billion in the past year, marking an 11% increase. As per predictions, in 2025, we may see a rise to 300 billion. These figures show that the application market is growing dynamically, which, according to Asseco experts, will put even more strain on IT departments, which will have to implement solutions to streamline their work.
"Using ready-made modules allows IT teams to work faster, significantly reducing the time spent on adapting applications. The pressure on IT departments, expected to deliver business-supporting solutions rapidly, increases every year. Under such conditions, ensuring security is critical. Software developers must be certain that the code they use is safe. Code Signing Certificates are the simplest way to verify this, especially when there are changes in the team or when the organization is large, making efficient information flow challenging," says Aleksandra Kurosz, Senior Quality Specialist at Asseco Data Systems.
“Unknown publisher” message
Code Signing Certificates not only enhance security within IT teams but also eliminate the problem of code anonymity on the network. Thanks to the digital signature, users who download the application will not see the "unknown publisher" warning when installing or running the program.
"When we download an application, a window appears with essential information. If the "author" field displays ‘Unknown Publisher’, many users may refrain from installation, fearing for the security of their device. This is because the software owner has not been positively verified by the Certification Authority. The Code Signing Certificate allows you to 'sign' the application, so users know that it comes from a publicly trusted publisher," - explains Anna Sikorska, Product Manager at Asseco Data Systems.