When news of the data breach of the mobile accounts of 10 Mn StarBucks customers came in 2014, it left everyone struggling with one question – “Is it better for mobile apps to be ‘Convenient’ or to be ‘Secure’?”
Three engineering graduates then decided to figure out a way to develop security services into a product which is easy to understand and simple in use for those who don’t have a security background.
Harshit Agarwal, Subho Halder, and Prateek Panda laid the foundation of Appknox – a cloud-based mobile security solution – in January 2014, under XYSec Labs Pte. Ltd, a company headquartered in Singapore.
The startup recently secured $651K (S$875K) funds in a Pre-Series A round. The investment was led by SeedPlus, a seed stage VC firm backed by Jungle Ventures, Infocomm Investments, Accel Partners, and RNT Associates. The raised funds will be used to mark its entry in the Southeast Asia market.
The Bug Hunters’ Journey: From Singapore To India
Appknox basically offers businesses a cloud-based ‘audit tool’ for mobile app vulnerability detection and security certification. Developers can upload their application in the backend on Google play store. It then undergoes static and real-time security testing where the app runs on Appknox’s simulated cloud devices. It has also launched an ‘automated dynamic emulation engine for the iOS platform to help tackle issues with analysis of iOS applications.
The founders initially started with finding security bugs in companies like Facebook, Google, and Microsoft for rewards and recognition. Eventually, they also held workshops for SME’s to help them handle security standards. But things were set in motion when a couple of major hacks were reported like the Snapchat and StarBucks leaks. That’s when the idea to launch Appknox struck their mind.
Their first four months were spent with JFDI in Singapore where they worked on the initial idea and built the product prototype. Then, another four months were spent at Microsoft Accelerator in Bangalore. “There we get our early set of 5-6 beta customers who provided a lot of feedback. We worked on our future roadmap, strategy and finally launched Appknox in India in January 2015,” tells Prateek.
In 2014, the team also grabbed $25K from Singapore’s The Joyful Frog Digital Incubator (JFDI) and an undisclosed amount of seed funding from Jungle Ventures along with Google India head Rajan Anandan also participating.
In India, it is currently working with clients such as Paytm, Times Internet, BigBasket, CitrusPay, and more. While in Singapore, it counts Redmart and HOOQ as its clients. It has an R&D office in Bengaluru with a team of 19 people.
Singapore vs Indian Markets: Where Lies The Difference?
According to Prateek, Indian markets are not mature enough in terms of the security business. The mobile apps garnering millions of installs on a daily basis spend major money on customer acquisition, marketing, and promotions, but hardly anything on security.
“The reason behind this is the absence of strong laws against data privacy. Even if there is a breach, there is hardly anything that consumer can do to the business so they hardly have anything to worry about,” said Prateek. “Initially, this was the biggest challenge we faced – to educate businesses to take precautionary measures for security and not to wait till the hack happens,” he added.
With the new funds, Appknox wants to tap into the potential of SouthEast Asian Markets.
According to Harshit, Southeast Asia is one of the fastest growing regions in the world in terms of the Internet economy. “With the growth of ecommerce and digital payments, security will be the most important pillar of support. With the Governments of Singapore and Malaysia announcing their Smart Nation objectives, now is the best time for businesses to start planning security on a regular basis,” he added.
Prateek believes that Singapore is a much more mature market in terms of security because it is dominated by finance and financial services companies which help establish a strong context about security. Also, the government in Singapore and Malaysia has strong policies in place for privacy and data protection and imposes up to a million dollar fine on companies who do not store data properly.
“Since the government and businesses are getting really active towards the security thing, we thought it’s the best time for us to come back here and explore the market, focus more on the Southeast Asia region. That’s why we raise some funding to help us establish a small team here, and dedicate our resources towards working in this region,” added Prateek.
Market Opportunity In Singapore Market
Research by Google and Temasek shows that the digital economy will grow to around $200 Bn by 2025. However, this growth has resulted in greater cybersecurity risks, according to Vivian Balakrishnan, minister-in-charge of Singapore’s Smart Nation programme. “The more digital technologies become embedded into the fabric of real life, you’ve got to take the necessary precautions,” he added.
90% of mobile apps in Singapore do not adequately declare what consumer data is collected or how it is used. A recent report by Gartner also state that by 2017 more than 75% of mobile apps will fail basic security checks. Also, Appknox’s study of over 100K Google Playstore apps found 85% of them already failing the basic security checks.
Appknox has garnered certain expertise by being on the board of OWASP and other western influenced security groups. It will use it to create a common support system to create a secure business environment for both government and business of all sizes in Singapore.
The Road Ahead
The Appknox founders further plan to raise their Series A round of funding within the next six-eight months, with an intention to target the US and European markets next. As explained by Prateek, the US and European markets are some of the most sought-after markets for security purposes, not just in terms of business but also because the talent available there.
“It helps in building a much better product through better quality of research. Our plan is to try and reach some Series A metrics by December so that January onwards we can raise Series A, and launch next year in the US,” ended Prateek.