zShield

To prevent reverse engineering attempts utilizing static analysis, zShield deploys numerous code hardening techniques to obfuscate code visibility. Two techniques of many are Name Obfuscation and Control Flow Obfuscation:

• Name Obfuscation Android – zShield obfuscates the names of classes, fields, methods, native libraries, resources, assets and resource XML attributes.
• Name Obfuscation iOS – zShield obfuscates identifiers in both Swift and Objective-C code to hide semantic information from reverse engineers. The most common reflection constructs are supported out-of-the-box.
• Control Flow Obfuscation for Android and iOS – zShield obfuscates the control flow of the code inside the methods and the original function logic to hinder automated and manual code analysis.

Unlike other solutions that rely upon manual pen testing to demonstrate effectiveness and have no active reporting, zShield provides immediate and on-going reporting on hacking attempts.

zShield reports app tampering events into Zimperium’s administration and reporting dashboard, zConsole, and offers comprehensive forensics. zShield protects your apps against dynamic analysis and live attacks using various runtime self-protection mechanisms like SSL pinning, hook detection and certificate checks.

zShield transparently integrates into your build process and requires no changes to your source code. It provides plugins for all common build tools and development environments like Gradle, Android Studio, Ant, Eclipse, Maven, and custom builds.

After your app is optimized and obfuscated with zShield, it will report hacking and tampering attempts directly into your Zimperium console and can be easily integrated with your security information and event management (SIEM) system for further analysis and action.