Android Obfuscation & Protection
Android In-App Protection with PreEmptive Protection DashO
It is common knowledge that an Android application is very easy to reverse engineer and/or inspect with freely available tools. Unless an application’s binary code is obfuscated, hardened and tamper-proofed, it is vulnerable to:
- IP Theft: Proprietary business logic can be viewed and/or stolen.
- Piracy: License checking mechanisms can be removed.
- Credential Bypass: Security and authentication checks may be circumvented.
- Fraud: Tampering with in-app payments or collection of login credentials.
- Sensitive Information Theft: Debugging or monitoring apps to collect financial, regulated or personally identifiable information.
- Code Vulnerability Discovery: Reverse engineering mobile apps can readily expose potential vulnerabilities to attack.
- Cloning and Tampering: Apps may be modified with malware and placed on the public app marketplace.
- Executing on a Rooted Device: Apps running on a root device may have their integrity compromised.
Which can lead to:
- Brand & Reputation Damage
- Revenue Loss
- Regulatory Violations
- Data Theft
DashO provides a layered approach to binary code protection that includes:
|Obfuscation and encryption||Protects your application code from static analysis tools such as decompilers and disassemblers|
|Runtime application protection||Guards against dynamic analysis and real-time attacks including root detection and response, tamper, etc.|
All of this makes your apps more difficult for people and machines to exploit while easily fitting into your secure software development lifecycle.
It is important to safeguard valuable apps that are vulnerable to attacks when they are deployed in untrusted mobile environments. But don’t take our word for it…
Android “highly recommends” using an obfuscator on all code and emphasizes this in a number of specific areas such as: “At a minimum, we recommend that you run an obfuscation tool” when developing billing logic.
Microsoft also recommends that Android and iOS apps built with Xamarin be obfuscated and protected (see ) and they also offer a “community edition” obfuscator (our own Dotfuscator CE) as a part of Visual Studio.
Some of the ways DashO Protects Your Apps
- Renaming alters the names of methods, variables, etc., making source code more difficult to understand.
- Control Flow introduces false conditional statements and other misleading constructs in order to confuse and break decompilers.
- String Encryption allows you to encrypt strings in sensitive parts of your application.
- Resource Encryption allows you to encrypt resources embedded in your APK, making it harder for attackers to inspect, copy, or alter them.
- Watermarking helps track unauthorized copies of your software back to the source by embedding data such as copyright information or unique identification numbers into an application.
- Optimize with Pruning which statically analyzes your code to find the unused types, methods, and fields, and removes them making your application smaller and faster.
- Tamper Detection and Defense allows you to prohibit or modify the behavior of a tampered app.
- Root Detection and Defense allows you to control whether an app can run on a rooted device and how it will respond.
- Method Call Removal allows you to remove Android logging calls from your application, in order to prevent it from leaking potentially sensitive information.
- Shelf Life allows you to inject application inventory management into your app.
- Hooking Detection and Defense allows you to prohibit or modify the behavior of an app when a hooking framework is detected.
- Emulator Detection and Defense allows you to control whether an app can run inside an emulator and how it will respond.
Learn more about key the benefits of PreEmptive Protection for Android and Java using DashO here.