What is it about?
Mobile applications allow you to enjoy the services provided by a company from the comfort of your own device, in a context of high flexibility and mobility.
However, apps run on a device that cannot be considered trustworthy: the user may have rooted or jailbroken it and may have unknowingly installed other applications containing malicious code.
Similarly, a motivated attacker can easily launch the app in an environment under his control (emulated or real) to study in detail how it behaves, or recover the code that constitutes it, and use this knowledge to create attack or fraud scenarios.
This has economic, reputational, legal and regulatory compliance impacts, particularly with regard to GDPR, PSD2 or PCI DSS.
CryptoNet Labs offers the Mobile Application Hardening & Obfuscation service to make your apps more resistant to hacking, reverse engineering or tampering attacks, by inserting “self-protection” mechanisms within the app itself:
- Obfuscation, to make decompiled source code difficult to read.
- Symbol stripping and renaming, to remove unnecessary program symbols from the code and rename the rest with meaningless names.
- String encryption, to protect the clear values of the strings.
- Anti-debug logic, to add functionality to the app that detects dynamic analysis tools (debuggers).
- Checksum control, to verify the integrity of the application.
We work with the customer’s development team to understand the most crucial parts of the application, so that we can introduce protection mechanisms at the appropriate points, optimising security requirements while taking user experience into consideration. We can integrate and automate hardening and obfuscation to fit into the software development cycle, even with frequent releases or where DevOps technologies are used.
Who can benefit from it
Companies that develop mobile apps internally or on behalf of third parties, or that have outsourced the creation of apps and want to increase the level of protection of their intellectual property.