White-box Cryptography is a type of encryption that can be used for advanced mobile device protection. It is often implemented to protect private keys that are swimming in the rich operating system, rather than secured in the most trusted area of the device, which would be a hardware trusted platform module (TPM).
In instances where an app’s security does not store authentication keys in the TPM, the keys would be more vulnerable to specific attacks where the devices are overtaken and its contents analyzed. White-box encryption is software but it mimics the difficulty that key extraction would have were the keys stored in the TPM.
A white-box attack is any kind of attack that attempts to remove or reveal the private keys held inside. White-box cryptography is a complex layer of encryption that makes the key removal by driving up the costs and efforts to where a successful attack is infeasible.
“White-box cryptography, when added to a mobile security solution, helps prevent a lost, stolen, or malware-compromised device from being reverse engineered to extract sensitive information such as authentication keys.”