Mobile App Obfuscation and Anti-tampering

Code Protection For a Zero-Trust World

Once a mobile app is publicly released, attackers can download and inspect the application to find exploitable coding errors and vulnerabilities. Zimperium’s zShield hardens and protects the app with advanced obfuscation and anti-tampering functionality to protect the source code, intellectual property (IP), and data within the application.

Benefits of protecting your code:

  • Prevent source code and Intellectual Property theft resulting in competing solutions
  • Prevent business logic bypass resulting in loss of revenue
  • Prevent data theft resulting in financial penalties
  • Prevent APIs and keys from being discovered and abused
  • Prevent fake apps from damaging brand reputation
  • Achieve mandatory compliance standards for Go-To-Market strategies
Download Solution Brief

Mobile App Code Obfuscation

To prevent reverse engineering attempts utilizing static analysis, zShield deploys numerous code hardening techniques to obfuscate code visibility. Two techniques of many are Name Obfuscation and Control Flow Obfuscation:

  • Name Obfuscation Android – zShield obfuscates the names of classes, fields, methods, native libraries, resources, assets and resource XML attributes.
  • Name Obfuscation iOS – zShield obfuscates identifiers in both Swift and Objective-C code to hide semantic information from reverse engineers. The most common reflection constructs are supported out-of-the-box.
  • Control Flow Obfuscation for Android and iOS – zShield obfuscates the control flow of the code inside the methods and the original function logic to hinder automated and manual code analysis.
Learn More

App Tampering Protection

Unlike other solutions that rely upon manual pen testing to demonstrate effectiveness and have no active reporting, zShield provides immediate and on-going reporting on hacking attempts.

zShield reports app tampering events into Zimperium’s administration and reporting dashboard, zConsole, and offers comprehensive forensics. zShield protects your apps against dynamic analysis and live attacks using various runtime self-protection mechanisms like SSL pinning, hook detection and certificate checks.

Learn More

Seamless Development and Security Integrations

zShield transparently integrates into your build process and requires no changes to your source code. It provides plugins for all common build tools and development environments like Gradle, Android Studio, Ant, Eclipse, Maven, and custom builds.

After your app is optimized and obfuscated with zShield, it will report hacking and tampering attempts directly into your Zimperium console and can be easily integrated with your security information and event management (SIEM) system for further analysis and action.

Learn More

“Security and risk management leaders must take due care in protecting their application clients to avoid turning a promising software design trend into a security failure.”

– Gartner’s Market Guide for In-App Protection Report (July 3, 2019; Dionisio Zumerle and Manjunath Bhat)

Sign Up For Our Newsletter

Get the latest Mobile Security News and Updates in your inbox

Get started with Zimperium today