Announcing the DashO v10.2 Release with Resource Encryption for Android

January 23, 2020 1550 Views Matt Insko

The DashO 10.2 release introduces a major new feature: Resource Encryption for Android. It's currently in beta, but is fully supported for production use. It allows you to encrypt the resources embedded in your APK, better protecting your Android application against static attacks.

This functionality integrates directly with your existing Gradle build, encrypting the resources during the standard build process. DashO then injects code into your protected application that will decrypt those resources at runtime.

Resource Encryption is off by default, but can be easily enabled in the DashO UI. The UI makes it easy to enable, or disable, the encryption of specific resources via drag and drop. It currently supports encrypting both assets and raw resources.

Once you install DashO 10.2, using this feature is easy.

Enable on an Existing Project

If you are not currently using Android Mode, introduced in DashO 10.0, please upgrade your project.

First, make sure you are using version 1.1.+ of the DashO Gradle Plugin for Android in your build.gradle file. The previous version does not support Resource Encryption. Next, open your configuration file (e.g. project.dox) in the DashO UI and enable Resource Encryption.

Enable on a New Project

Use the wizard to integrate DashO into your application's build process. This will add version 1.1.+ of the DashO Grade Plugin for Android, which supports Resource Encryption. Next, enable Resource Encryption in the DashO UI.

Building and Testing

This is a beta feature and there are some limitations. It targets select Android resource APIs. Specifically, DashO automatically injects code to decrypt streams produced by the following method calls:

AssetManager.open(String)
AssetManager.open(String, int)
Resources.openRawResource(int)
Resources.openRawResource(int, TypedValue)

Note: If you know certain resources are not read using one of these APIs, you will need to exclude those particular resources from this encryption feature.

Including or Excluding Resources

Once this feature is enabled, DashO by default will encrypt all the assets and raw resources in your application. However, this can be easily configured.

Run a Gradle build then open or refresh the configuration file in the DashO UI. You should see the resources under Resource Encryption -> [Asset|Raw] -> [Include|Exclude].

Depending on how your resources are used, you can either choose to include ones that use the supported APIs or exclude ones that do not. Simply drag the file(s) from the left-hand side to the right-hand side.

Feedback

More information about this feature can be found in the User Guide. We are working on improving this functionality. If you run into any issues or if there are additional Android resource APIs that your application uses, please contact us.

Latest Blog Posts

Integrating DashO into a Maven Build

Maven is perhaps the most widely-used project management tool for Java. Based on the Project Object Model (POM), it is used not only for compilation of source code, but also dependency management, documentation, running tests, packaging, deployment, and more. We are frequently asked if we have a Maven plugin for running DashO. Though we do not offer a specific Maven plugin, adding DashO to your Maven-based project is surprisingly easy by leveraging Ant.

In an already digital world, the Covid-19 pandemic forced society and businesses to adopt additional modes of technology and press on for more advanced application development. Business’ focus shifted to increased remote work collaboration, streamlined contact tracing work, and enhanced consumer e-commerce connections. With little knowledge on how much longer social distancing measures will be in place, more on-demand application development options are needed to successfully maintain workplace functionality.

Gabriel Torok, Founder and CEO of PreEmptive, recently authored an article as part of the Forbes Technology Council. In it, he describes four application trends that help predict emerging expectations for the future of enterprise.

Customers occasionally ask us about adding DashO, Dotfuscator, or JSDefender to their Docker-based build processes. We do not provide pre-built Docker containers for our products, but it is relatively straightforward to create your own containers with the distributions we do provide. Historically, setting up licensing for these containers could be a challenge, but with the recent addition of Floating license support to DashO, Dotfuscator, and JSDefender, even the licensing part is straightforward.

This blog provides example Dockerfiles for each product, as a starting point for building your own containers. You will need to replace {x.y[.z]} with the appropriate major.minor[.patch] version.

Read more

Navigating the Choice Between Security and Customer Experience

Navigating the Choice Between Security and Customer Experience

Chances are, if you’ve used a mobile banking app, or bought something online, your purchase was facilitated in part by a Fiserv product. Fiserv is a global provider of financial services technology. Clients include banks, credit unions, financial companies and retailers. As a Fintech company, Fiserv provides payment and commerce enabling technology to clients in more than 100 countries, serving as an “industry standard” across the world.

In a recent article “2020 Trends in Fraud and Financial Crime Risk Management” Andrew Davies – Fiserv’s VP of Global Market Strategy writes “Criminals are even more on the offensive, constantly researching new vulnerabilities and developing fresh attack vectors. For financial institutions, that's spurred growth in both process and technology investments to keep pace.” The question that Fiserv and many other financial institutions are asking: “How do you accurately manage detecting financial crime without inhibiting the customer experience?”

“Better licensing means more flexibility,” said CTO Bill Leach during a recent presentation on the release of DashO 11 - PreEmptive’s Android and Java Protection Product. “The new floating license and product activation features allow users to provision DashO on the fly – for example, on cloud hosted build agents that don’t already have DashO preinstalled. By specifying the license key at run time, development teams can more easily automate their builds, no matter where they run.”

Revamped licensing and activation are not the only updates in this latest version—other highlights include:

Announcing the DashO v10.2 Release with Resource Encryption for Android

Enable on an Existing Project

Enable on a New Project

Building and Testing

Including or Excluding Resources

Feedback

Integrating DashO into a Maven Build

Post Covid-19: 4 Application Trends You Need to Know

Dockerize PreEmptive's Products using Floating License

Navigating the Choice Between Security and Customer Experience

DashO 11 Release: Licensing, Bug Fixes, and Improved Functionality

Latest Blog Posts

Integrating DashO into a Maven Build

Post Covid-19: 4 Application Trends You Need to Know

Dockerize PreEmptive's Products using Floating License

Navigating the Choice Between Security and Customer Experience

JSDefender Version 2 Release

Twitter