Protecting a Mobile Application from Reverse Engineering
An application is a masterpiece. It is the summation of all of your hard work, design, testing, re-testing, customer feedback and more. You have created the best app you can, and now someone can steal your secret from you. Your algorithms, business logic, and unique data.
The discipline for extracting design from a product is called Reverse-Engineering. There are two main categories of reverse engineering:
- Static: Extracting the design of the application without running it, just inspecting its contents (see the article that explains what constitutes the contents of an iOS and Android application)
- Dynamic: Extracting information about the inner workings of the application by running it in its target or controlled (emulator) environment and using various tools to inspect the data processing of an application while it runs.
This is also known as debugging.
This Knowledge Base explains Appdome’s Anti-Reversing capabilities, a key component of ONEShield™ by Appdome, which gets automatically added to every app as part of the Fusion process.
We hope you find it useful and enjoy using Appdome!
About No-Code Anti-Reversing on Appdome
Appdome’s Anti-Debugging counters and stunts static reverse-engineering efforts on your application.
As mentioned earlier, Anti-Reversing gets added automatically to every application as part of the fusion process. So whether you chose to integrate with Intune, TOTALData Encryption or SSO with Okta, your built app will be reverse-engineering proof.
Anti-Reversing will do the following, depending on the platform:
- iOS: All the selector references in the application’s main executable get obfuscated. This takes away one of the reverse engineers’ most useful tools – the cross-reference search.
- Android: Any plaintext strings appearing in the DEX files (Java/Kotlin) will be obfuscated.
These are the basic measures Appdome takes to make sure an attacker has to resort to other techniques such as tampering and debugging. Both of which are protected by Appdome’s Anti-Tampering and Anti-Debugging. This three-pronged defense gives an all-around effective hardening for your mobile app.
Prerequisites for using Appdome’s Anti-Reversing
In order to use Appdome’s no code implementation of Anti-Reversing, you’ll need:
How to add Anti-Reversing to any application on Appdome
Follow these step-by-step instructions to add Anti-Reversing to any mobile app:
Upload a Mobile App to Your Account
Automatic Protection against reverse-engineering attempts on your app
As mentioned earlier, Anti-Reversing gets added automatically to every application as part of the fusion process.
After Adding Anti-Reversing to a Mobile App on Appdome
After you have added Anti-Reversing to any Mobile App on Appdome, there are a few additional steps needed to complete your mobile integration project.
Add Context™ to the Appdome-Built App
Appdome is a full-featured mobile integration platform. Within Context™, Appdome users can brand the app, including adding a favicon to denote the new service added to the app.
For more information on the range of options available in Context™, please read this knowledge base article.
Sign the Anti-Reversing protected Appdome-Built App (Required)
In order to deploy an Appdome-Built app, it must be signed. Signing an iOS app and Signing an Android app is easy using Appdome. Alternatively, you can use Private Signing, download your unsigned app and sign locally using your own signing methods.
Deploy the Appdome-Built App to a Mobile Device
Once you have signed your Appdome-Built app, you can download to deploy it using your distribution method of choice. For more information on deploying your Appdome-Built apps, please read this knowledge base.
That is it – Enjoy Appdome’s anti-tampering protection for your app!
How Do I Learn More?
If you are interested in protecting your app, check out Appdome ONEShield, a suite of app protection features. You will find TOTALCode in particular to be a very powerful enhancement to the reverse-engineering protection already supplied by Appdome’s Anti-Reversing.
If you have any questions, please send them our way at firstname.lastname@example.org or via the chat window on the Appdome platform.