Keynote: Community-Driven Security as Collective Defense with Tomáš Soukal (Talsec)

The Talsec Mobile App Security Conference in Prague was a two-day, invite-only event on fraud, malware, and API abuse in modern mobile apps, held at Chateau St. Havel on November 3–4, 2025, and hosted by Talsec, freeRASP, and partners. It brought together leading experts and practitioners to strengthen the mobile AppSec community, connect engineers with attackers and defenders, and share practical techniques for high‑stakes sectors like banking, fintech, and e‑government.

Tomáš Soukal (Talsec) delivered a keynote addressing how Talsec operates as a "community-based company" where security is "community-driven". Talsec currently protects thousands of applications running on almost two billion devices. The core of this approach is recognizing that the company's community includes both adopters (developers and users) and adversaries (attackers and penetration testers).

The Value of the Two Communities

Both communities, the adopters and the adversaries, play critical roles in improving the Talsec SDK.

Adopters

Developers and users who adopt the SDK provide essential feedback by asking questions, opening GitHub issues, submitting tickets, and testing the software. This community effectively acts as a global QA team, running the SDK on unusual devices and under extreme scenarios. Their input generates hundreds of issues and discussions across platforms, offering a scale of testing impossible to achieve internally.

Adversaries

Attackers contribute by performing penetration tests, identifying vulnerabilities in the freeRASP product, breaking into the SDK, and publishing write-ups on platforms like Frida CodeShare. These public exploits serve as a valuable learning resource, enabling Talsec to rapidly develop fixes and strengthen the product. For example, the RASP 17 release incorporated dozens of updates addressing community-reported bugs, requested enhancements, and bypasses discovered by adversaries.

Key Security Challenges and the Community Solution

Talsec faces significant security challenges due to device diversity and platform fragmentation.

  • Fragmentation: Numerous Android and iOS versions complicate efforts to keep up with evolving threats, hacking methods, and new tools.

  • Compatibility: The SDK must remain compatible with modern build tools across native Android, iOS, Flutter, React Native, Capacitor, Cordova, and gaming platforms such as Unity and Unreal Engine.

  • Edge Cases: The SDK must handle uncommon scenarios, including pre-rooted devices, TV boxes, payment kiosks, and Raspberry Pi devices running Android. Budget devices often exhibit non-standard behavior, resulting in issues such as Android Keystore race conditions or MediaDRM differences.

Community contributions are essential for broad coverage and actionable feedback. Fixes and enhancements applied for one developer benefit all users, creating a “one-to-many-to-one” feedback loop that supports the development of one of the most widely used RASP solutions.

Feature Testing and Giving Back

Talsec uses a feature testing system within the freeRASP product, operating in ignore mode so that application verdicts remain unaffected. This system allows testing of new ideas in the field, including free malware detection intelligence, with public participation.

The company also contributes back to the community through:

  • Knowledge Sharing: Publishing articles and sharing mobile security expertise through an authorship program.

  • Structured Contributions: Supporting projects such as the OWASP Mobile Application Standard, including a recent article on rooting.

  • Talsec Portal: Providing a platform where users can view data, statistics, trends, and the global state of mobile security, enabling the community to benefit from accumulated knowledge.

Technical Insights on RASP Functionality

Key technical aspects of RASP include:

  • Attackers and Privileges: RASP operates at runtime, monitoring the application while it runs. On devices with elevated privileges, such as rooted devices, RASP detects remnants of rooting frameworks, leftover files, and other artifacts.

  • App Review Process: While Google Play’s review process is partially automated, RASP checks for emulators without affecting the SDK’s high success rate (99.999…%). The SDK does not require or store dangerous permissions.

  • freeRASP vs. Commercial RASP: freeRASP is designed to provide maximum security within technological limitations. RASP Plus offers enhanced protection, including high-level bypass mitigation for UI callbacks, which requires additional build process modifications.

  • AppiCrypt: AppiCrypt ensures that the Talsec SDK initializes and runs fully. Running in the same process as the application, the SDK generates an encrypted payload with device and run state information. Clients attach this payload to HTTP headers, and the backend verifies integrity using a lightweight script. Clients retain full control of their encryption keys.
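The AppiCrypt bullet above describes a client-to-backend flow: the SDK produces a protected payload carrying device and run state, the app sends it in an HTTP header, and a small backend script checks it before trusting the state. The block below is an added illustration of that verification pattern written for this page; it is not Talsec's code or AppiCrypt's wire format. The header name, the JSON fields, the `rooted`/`hooked`/`emulator`/`debugger` flags and the `build_payload`/`handle_request` helpers are all assumed. It uses an HMAC-SHA256 authenticated token (standard library only) rather than an encrypted one, so the point it demonstrates is the backend side: reject anything that fails the integrity check, is stale, or is replayed, and only then apply policy to the device state.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional, Tuple

# Constructed illustration of an integrity-checked device-state header.
# Hypothetical names; not Talsec's AppiCrypt format or implementation.
HEADER_NAME = "X-App-Integrity"            # assumed header name
TAG_LEN = hashlib.sha256().digest_size     # 32-byte HMAC tag appended to the body


def build_payload(key: bytes, device_state: dict, nonce: str,
                  now: Optional[int] = None) -> str:
    """Client/SDK side: serialise timestamp, nonce and device state, then
    append an HMAC tag so the backend can detect tampering (constructed)."""
    body = {"ts": int(now if now is not None else time.time()),
            "nonce": nonce,
            "state": device_state}
    raw = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, raw, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(raw + tag).decode("ascii")


def verify_payload(key: bytes, token: str, seen_nonces: set,
                   now: Optional[int] = None,
                   max_age: int = 300) -> Tuple[Optional[dict], str]:
    """Backend side: returns (state, "ok") or (None, reason).
    Order matters: check the MAC before parsing or trusting any field."""
    try:
        blob = base64.urlsafe_b64decode(token.encode("ascii"))
    except (ValueError, UnicodeEncodeError):
        return None, "malformed"
    if len(blob) <= TAG_LEN:
        return None, "malformed"
    raw, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, raw, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):     # constant-time comparison
        return None, "bad-mac"                      # tampered or forged without the key
    try:
        body = json.loads(raw)
    except ValueError:
        return None, "malformed"
    if not isinstance(body, dict) or not all(k in body for k in ("ts", "nonce", "state")):
        return None, "malformed"
    current = int(now if now is not None else time.time())
    try:
        if abs(current - int(body["ts"])) > max_age:
            return None, "stale"                    # outside the freshness window
    except (TypeError, ValueError):
        return None, "malformed"
    if body["nonce"] in seen_nonces:
        return None, "replay"                       # same payload presented twice
    seen_nonces.add(body["nonce"])
    return body["state"], "ok"


def verdict(state: dict) -> str:
    """Policy applied only to a verified state; flag names are assumed."""
    for flag in ("rooted", "hooked", "emulator", "debugger"):
        if state.get(flag):
            return "deny:" + flag
    return "allow"


def handle_request(headers: dict, key: bytes, seen_nonces: set,
                   now: Optional[int] = None) -> str:
    """Lightweight backend check: extract the header, verify, then decide."""
    token = headers.get(HEADER_NAME)
    if token is None:
        return "deny:missing-header"
    state, reason = verify_payload(key, token, seen_nonces, now=now)
    if state is None:
        return "deny:" + reason
    return verdict(state)


if __name__ == "__main__":
    demo_key = b"constructed-demo-key"              # the client owns and rotates this
    seen = set()
    token = build_payload(demo_key, {"rooted": False, "hooked": False}, "nonce-1", now=1000)
    print(handle_request({HEADER_NAME: token}, demo_key, seen, now=1100))  # allow
    print(handle_request({HEADER_NAME: token}, demo_key, seen, now=1100))  # deny:replay
```

The nonce set stands in for whatever short-lived store a real backend would use; the freshness window bounds how long that store must remember a nonce. Because the key never leaves the client's side of the deployment, the verification script needs nothing from a third party.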

Talsec primarily serves clients in fintech, banking, and health tech, with additional clients in e-government, gaming, and industrial sectors.
