Every day the number and range of methodologies and malicious programs hackers use to gain unauthorized access to applications and private information increases. Often software code itself provides the entry point for attack. One of the most important weapons available to developers and security teams in the war against reverse engineering, application piracy, code injection, and other malicious acts, is mobile app obfuscation.
The term “obfuscate” means to render obscure, unclear or unintelligible. Code obfuscation is a security strategy that deliberately disguises code to frustrate and delay hackers in their attempts to understand how an application’s code works. There are numerous methods involved in code obfuscation, such as inserting decoy logic or nonsense statements, encrypting segments of the binary code, and obfuscating the control flow. These techniques aim to confuse attackers and cost them more time and resources, making it economically non-viable for them to try and break in.
Advanced Code Obfuscation for Your Mobile App
zShield is a comprehensive code protection solution intended for hardening software applications on multiple target platforms. It adds tamper resistant characteristics to applications by applying mobile app obfuscation, integrity protection, anti-debug, and anti-piracy techniques to application code. zShield can protect any standards compliant C/C++/Objective-C/Swift or Android Java source code and requires no significant changes to the code itself or the existing build chain.
Why Zimperium for Mobile App Obfuscation?
zShield provides a powerful security feature that obfuscates message calls in the binary code, thus making reverse engineering more difficult.
zShield can encrypt some of the Objective-C metadata to partially hide the useful information from static analysis tools. The encrypted metadata is only decrypted at run time when it is used by the protected application.
zShield provides a security feature that obfuscates a large portion of string literals (including Objective-C string literals, which are NSString pointers) in the code and deobfuscates them only before they are actually used. This feature increases protection against static analysis.
zShield is capable of in-lining static void functions with simple declarations into the calling functions. Such operation increases the obfuscation level of the final protected code and makes it more difficult to trace. The overall result is increased security of the protected application.
Learn About the Mobile Application Protection Suite
DZone Trend Report | Enterprise Application Security: Building Secure and Resilient Applications
DZone’s Trend Report for Enterprise Application Security, sponsored by Zimperium, aims to equip developers with the tools, best practices, and advice they need to help implement security at every stage of the SDLC. Download Now.