PreEmptive Protection™ DashO™ is an application hardening and obfuscation tool for Java, Android, and Kotlin applications. DashO works in several ways to protect your library or app. First, it obfuscates the compiled code, altering it so that it is more difficult to analyze using static techniques. Second, it injects code to automatically detect and respond to a variety of threats, making it hard to even begin to tamper, debug, or inspect. Third, it can inject calls to custom code that can respond to threats in any way you choose, providing complete control over how the application behaves when a threat is detected.
Obfuscation is a means of risk mitigation. In the modern world, there are many risks to software, including:
- Various kinds of theft (of trade secrets or other intellectual property)
- Loss of revenue (through piracy)
- Exposure or loss of data (including personally identifiable information)
- Defacement and brand-dilution (through piracy)
The applicability or severity of any particular risk to your product or domain may vary, but no product is free from all risks.
Modern software is seldom isolated – it typically acts as a single component in a larger interconnected system. Defense in depth requires protection at each layer of a system. DashO's hardening can be a significant component of a secure strategy. This may include elimination of potential attack vectors entirely through tamper detection. This could also include reducing attack surface area though unused code removal. Additionally, in the United States there may be legal protections afforded to your software by demonstrating an intent to protect trade secrets with obfuscation.
We take pride in the fact that we keep DashO up-to-date with the latest features of the Java Language, the JVM specification, and frequent updates to the Android development landscape.
DashO is a mature product that has been developed over the course of two decades. It has weathered the storm of Java projects in the field, and the vast majority of the snags in using the technology have already been encountered and fixed, or otherwise resolved (e.g. support for Spring Framework, Dynamic Class Loading, etc.).
How it works
You configure a DashO project using our graphical user interface ("GUI"), optionally using our step-by-step wizard. DashO then applies that configuration to your app in a post-compile build step. This means that your application can be protected entirely without making code changes.
The DashO build can be integrated into your continuous-integration build using the command line interface ("CLI"), Gradle (using the DashO Gradle Plugin for Android or the DashO Gradle Plugins for Java), or Ant.
Once obfuscation is complete, multiple report files are produced that document what was done and can be reviewed or preserved for future reference.
See Understanding Protection for more information on DashO's protection features.
Before Releasing the Protected App
Before releasing your protected application or library, please review the Release Checklist. It gathers in one place all of the topics that should be considered as part of protecting your software.