Mobile App Obfuscation and Anti-tampering
Hardening Your Mobile Apps with zShield
Once a mobile app is publicly released, attackers can inspect it for exploitable coding errors and vulnerabilities. Zimperium's zShield hardens and protects the app with advanced obfuscation and anti-tampering functionality to limit attacks such as reverse engineering, piracy, removing ads, extracting assets, extracting API keys and repackaging with malware.
zShield hardens and protects your apps in three primary ways:
- Obfuscation to prevent reverse engineering
- App tampering visibility in the wild
- Seamless development and security integrations
Mobile App Code Obfuscation
To prevent reverse engineering attempts utilizing static analysis, zShield deploys numerous code hardening techniques to obfuscate code visibility. Two techniques of many are Name Obfuscation and Control Flow Obfuscation:
- Name Obfuscation Android - zShield obfuscates the names of classes, fields, methods, native libraries, resources, assets and resource XML attributes.
- Name Obfuscation iOS - zShield obfuscates identifiers in both Swift and Objective-C code to hide semantic information from reverse engineers. The most common reflection constructs are supported out-of-the-box.
- Control Flow Obfuscation for Android and iOS - zShield obfuscates the control flow of the code inside the methods and the original function logic to hinder automated and manual code analysis.
App Tampering Protection
Unlike other solutions that rely upon manual pen testing to demonstrate effectiveness and have no active reporting, zShield provides immediate and on-going reporting on hacking attempts.
zShield reports app tampering events into Zimperium's administration and reporting dashboard, zConsole, and offers comprehensive forensics. zShield protects your apps against dynamic analysis and live attacks using various runtime self-protection mechanisms like SSL pinning, hook detection and certificate checks.
Seamless Development and Security Integrations
zShield transparently integrates into your build process and requires no changes to your source code. It provides plugins for all common build tools and development environments like Gradle, Android Studio, Ant, Eclipse, Maven, and custom builds.
After your app is optimized and obfuscated with zShield, it will report hacking and tampering attempts directly into your Zimperium console and can be easily integrated with your security information and event management (SIEM) system for further analysis and action.
“Security and risk management leaders must take due care in protecting their application clients to avoid turning a promising software design trend into a security failure.”
- Gartner’s Market Guide for In-App Protection Report (July 3, 2019; Dionisio Zumerle and Manjunath Bhat)