Announcing the DashO v10.2 Release with Resource Encryption for Android

January 23, 2020 1039 Views Matt Insko

The DashO 10.2 release introduces a major new feature: Resource Encryption for Android. It's currently in beta, but is fully supported for production use. It allows you to encrypt the resources embedded in your APK, better protecting your Android application against static attacks.

This functionality integrates directly with your existing Gradle build, encrypting the resources during the standard build process. DashO then injects code into your protected application that will decrypt those resources at runtime.

Resource Encryption is off by default, but can be easily enabled in the DashO UI. The UI makes it easy to enable, or disable, the encryption of specific resources via drag and drop. It currently supports encrypting both assets and raw resources.

Once you install DashO 10.2, using this feature is easy.

Enable on an Existing Project

If you are not currently using Android Mode, introduced in DashO 10.0, please upgrade your project.

First, make sure you are using version 1.1.+ of the DashO Gradle Plugin for Android in your build.gradle file. The previous version does not support Resource Encryption. Next, open your configuration file (e.g. project.dox) in the DashO UI and enable Resource Encryption.

Enable on a New Project

Use the wizard to integrate DashO into your application's build process. This will add version 1.1.+ of the DashO Grade Plugin for Android, which supports Resource Encryption. Next, enable Resource Encryption in the DashO UI.

Building and Testing

This is a beta feature and there are some limitations. It targets select Android resource APIs. Specifically, DashO automatically injects code to decrypt streams produced by the following method calls:

AssetManager.open(String)
AssetManager.open(String, int)
Resources.openRawResource(int)
Resources.openRawResource(int, TypedValue)

Note: If you know certain resources are not read using one of these APIs, you will need to exclude those particular resources from this encryption feature.

Including or Excluding Resources

Once this feature is enabled, DashO by default will encrypt all the assets and raw resources in your application. However, this can be easily configured.

Run a Gradle build then open or refresh the configuration file in the DashO UI. You should see the resources under Resource Encryption -> [Asset|Raw] -> [Include|Exclude].

Depending on how your resources are used, you can either choose to include ones that use the supported APIs or exclude ones that do not. Simply drag the file(s) from the left-hand side to the right-hand side.

Feedback

More information about this feature can be found in the User Guide. We are working on improving this functionality. If you run into any issues or if there are additional Android resource APIs that your application uses, please contact us.

Latest Blog Posts

Dotfuscator 6: The Next Era of Dotfuscator

In the months since we released the Dotfuscator 6 beta, we’ve been hard at work finishing the feature set, fixing issues, and putting on the final touches in preparation for the full release. Now, we are happy to announce the full availability of Dotfuscator 6!

It’s official. COVID-19, more commonly known as the Coronavirus, has been declared a global pandemic by the World Health Organization (WHO) with hundreds of thousands of cases worldwide. In the United States, restrictions are ramping up as case numbers soar — New York governor Andrew Cuomo has ordered all nonessential workers to stay home, and my own state’s governor Mike DeWine has issued a statewide shelter-in-place order.

Along with disruptions to daily life, the expanding impact of COVID-19 has forced businesses to rapidly pivot and adopt remote-work models — even if they have no experience with mobile connections and on-demand collaboration. The result is a surge in remote everything, from team chats to primary school education to project management and even healthcare delivery. See my previous blog on our customer commitment during the age of Coronavirus.

And while efforts to bridge the digital divide are having a positive impact for both workplace productivity and the mental health of those in isolation, there’s a potential pitfall: Cybersecurity. As noted by CNBC, there’s already been a significant uptick in scam and phishing emails — but what happens if malicious actors breach critical apps and services?

At PreEmptive, we’re closely following the evolving Coronavirus (COVID-19) public health emergency, and our thoughts are with those affected and their families during this difficult time.

We are taking precautionary steps to continue normal operations without affecting our customers. At the same time, ensuring the health and safety of our customers, partners, and employees is our highest priority.

We have provided application protection software to the world's top organizations for more than 20 years. Although, this case is somewhat unique, it is not the first time we have been confronted with economic disruptions and uncertainties. Prior critical lessons have helped shape us into the company we are today: a robust organization with layers of contingency plans in place, a strong balance sheet, and an experienced team that values long-term relationships with our customers and partners above all else.

Evolving Hazards, Emerging Hope and the Expanding Human Element

The theme at the RSA conference this year is the “Human Element” — the critical role of individuals in the efficacy of organizational security measures. Along with sessions about the hazards of IT complexity and the hope of ethical AI, the expanding impact of COVID-19 concerns offered a real-world example of human elements at work, highlighting how IT staff can both help — and hamper — the effectiveness of infosec efforts.

Here’s a look back on some of my biggest takeaways from RSA 2020.

Unlike Y2K, 2020 was not preceded by waves of doomsday predictions, hype and frenetic IT overhauls. Developers are still under pressure to produce more, in less time, and at a lower cost, enterprises are as committed to their love/hate relationship with software as ever, and app users still expect perfection.

…but don’t let the usual crush of work and expectations lull you into a sense that it’s just the same old sprint to the next development project. Recent enforcement precedents, regulatory milestones and standards updates strongly suggest that 2020 app development and app security requirements will be anything but “business as usual.”

Announcing the DashO v10.2 Release with Resource Encryption for Android

Enable on an Existing Project

Enable on a New Project

Building and Testing

Including or Excluding Resources

Feedback

Dotfuscator 6: The Next Era of Dotfuscator

Going the Distance — Remote Work and Effective Cybersecurity in the Age of Coronavirus

Our Commitment to Customers During the COVID-19 Outbreak

RSA 2020 San Francisco Recap

Evolving Hazards, Emerging Hope and the Expanding Human Element

App Security: It’s a New Year! What’s New About It?

Latest Blog Posts

Dotfuscator 6: The Next Era of Dotfuscator

Going the Distance — Remote Work and Effective Cybersecurity in the Age of Coronavirus

Our Commitment to Customers During the COVID-19 Outbreak

RSA 2020 San Francisco Recap

App Security: It’s a New Year! What’s New About It?

Twitter