PRODUCTS
App Integrity Protection
Arxan_Binary-Lock

Security Whitepapers Security Whitepapers

Security Solution Sheets Security Solution Sheets

Security Webinar Series Security Webinar Series

Security Case Studies Security Case Studies

google

Google strongly recommends developers to obfuscate code in order to raise the bar against hackers and pirates. The attacks Google has seen so far are also all on applications that have neglected to obfuscate their code.

Security for Android Mobile Applications

App Integrity for Android 


Android is Everywhere and Vulnerable!

Worldwide market share of Android-powered devices continues to explode. As industries, such as digital media, enterprise and government leverage this open-source OS with new mobile applications for their consumer and business customers, concerns about Android security take center stage.

Specifically, Android applications, whether Java/Dalvik bytecode or native Android application code, are vulnerable due to:

  • Limited security components of Android Market and other download sites

  • Hacker toolkits designed to attack applications by:

    • reverse-engineering

    • disassembly or

    • debug mobile applications

  • Open-source nature of Android applications being susceptible to malware attacks via internet connection

  • Rapid, global distribution which facilitates sophisticated global collaboration of cybergangs

The Attacks

Attacks include malware, software piracy, theft of intellectual property, call/SMS fraud and data theft. Carrier and device maker business models are also at risk. Jailbreaking, for example, interferes with the carrier’s business model, and also puts every other application (and related data) in danger of reverse engineering, tampering and theft.

Software protection is needed to ensure business models, intellectual property (IP), and digital rights management (DRM) requirements.

EnsureIT for Android

Arxan’s EnsureIT for Android delivers automated embedded software protection that is easy to deploy and durable. EnsureIT features automated defend, detect and react capabilities by deploying various security techniques (called Guards) such as obfuscation, checksum, repair and anti-debug directly into the software code of each application for defense-in-depth. This layered pro­tection of diverse Guard types provides control, trust and tamper-resistance for the application.

Specifically, EnsureIT for Android provides application hardening for Android applications that run in the Dalvik virtual machine and call into native code via the Android Native Development Kit (NDK). The NDK is used to implement native code languages such as C and C++ in a manner that can increase efficiency and speed by reusing existing code.

The result is customized, low-impact, high-durability application security that is embedded into applications to protect valuable assets.

EnsureIT - Core Features

  • Tunable security for mobile platforms and their application offerings

  • Layered network of protections, with no single point of failure

  • Self-heal in the event of an attack by restoring protections

  • Requires no changes to source code

  • Support for a broad range of emulators and devices

  • Support for the entire Google development platform and other Android platforms

  • Support for the ARM processor

  • Command line interface to integrate into build environment

  • No single point of failure

android-arm-logo

Resources

Embedded and Mobile Software Protection

"The pace of innovation on mobile phones and other smart wireless devices has accelerated greatly in the last few years, adding features, speed and computing power. But now the attackers are beginning to outstrip the good guys on mobile platforms, developing innovative new attacks and methods for stealing data that rival anything seen on the desktop, experts say."

- Threatpost Editors

 

Terms of Use|Site Map

Ā© 2014 Arxan Technologies, Inc. All Rights Reserved.