Application hardening is the process of taking a finished application and making it more difficult to reverse engineer and tamper with. Combined with secure coding practices, application hardening is a best practice for companies to protect their app's IP and prevent misuse, cheating, and repackaging by bad users.
Application hardening takes a finished, well-built application and both modifies its existing code and injects new code to secure the application against static and dynamic attacks. These attacks go far beyond "hygienic" vulnerabilities, such as those created by not verifying a sender, destination, or message format.
Hardening techniques include:
- Binary-level code obfuscation to prevent attackers from seeing a functional view of an application.
- Application integrity checks ensure the application code has not been altered.
- Detect whether the app is running on a rooted or jailbroken device.
- Vary how protections are applied in each build to prevent attackers from building up a cumulative understanding of how apps are being protected.
- Determine what actions to take if the app is being attacked or a device is determined to be compromised.
- Utilize white-box cryptographic protection to encrypt critical keys and data.