Mobile App Obfuscation and Anti-tampering
Code Protection For a Zero-Trust World
Once a mobile app is publicly released, attackers can download and inspect the application to find exploitable coding errors and vulnerabilities. Zimperium's zShield hardens and protects the app with advanced obfuscation and anti-tampering functionality to protect the source code, intellectual property (IP), and data within the application.
Benefits of protecting your code:
- Prevent source code and Intellectual Property theft resulting in competing solutions
- Prevent business logic bypass resulting in loss of revenue
- Prevent data theft resulting in financial penalties
- Prevent APIs and keys from being discovered and abused
- Prevent fake apps from damaging brand reputation
- Achieve mandatory compliance standards for Go-To-Market strategies
Mobile App Code Obfuscation
To prevent reverse engineering attempts utilizing static analysis, zShield deploys numerous code hardening techniques to obfuscate code visibility. Two techniques of many are Name Obfuscation and Control Flow Obfuscation:
- Name Obfuscation Android - zShield obfuscates the names of classes, fields, methods, native libraries, resources, assets and resource XML attributes.
- Name Obfuscation iOS - zShield obfuscates identifiers in both Swift and Objective-C code to hide semantic information from reverse engineers. The most common reflection constructs are supported out-of-the-box.
- Control Flow Obfuscation for Android and iOS - zShield obfuscates the control flow of the code inside the methods and the original function logic to hinder automated and manual code analysis.
App Tampering Protection
Unlike other solutions that rely upon manual pen testing to demonstrate effectiveness and have no active reporting, zShield provides immediate and on-going reporting on hacking attempts.
zShield reports app tampering events into Zimperium's administration and reporting dashboard, zConsole, and offers comprehensive forensics. zShield protects your apps against dynamic analysis and live attacks using various runtime self-protection mechanisms like SSL pinning, hook detection and certificate checks.
Seamless Development and Security Integrations
zShield transparently integrates into your build process and requires no changes to your source code. It provides plugins for all common build tools and development environments like Gradle, Android Studio, Ant, Eclipse, Maven, and custom builds.
After your app is optimized and obfuscated with zShield, it will report hacking and tampering attempts directly into your Zimperium console and can be easily integrated with your security information and event management (SIEM) system for further analysis and action.
“Security and risk management leaders must take due care in protecting their application clients to avoid turning a promising software design trend into a security failure.”
- Gartner’s Market Guide for In-App Protection Report (July 3, 2019; Dionisio Zumerle and Manjunath Bhat)