White Hat Android Packer from Appdome

By |2019-10-07T22:37:05+00:00September 24th, 2019|

Here at Appdome, we’re always striving to stay ahead of mobile threats and provide the best mobile app protections to our users.

Today, we are adding new protections for Android apps, making Android apps safer to use and even more secure with every build. As part of Appdome’s TOTALData Encryption, Appdome users can now use a new no-code Android Packer, called APPCode Packer™, to encrypt and protect the entire APK of an Android app.

According to Virus Bulletin, Android Packers are able to encrypt an original classes.dex file, use an ELF binary to decrypt the dex file to memory at runtime, and then execute via DexclassLoader. In other words, Android Packers have the ability to change the overall structure and flow of an Android APK file – which is more complicated than obfuscation techniques such as the use of ProGuard, DexGuard and junk byte injection.

Introducing Appdome APPCode Packer

Appdome’s APPCode Packer is the industry’s first no-code Android App Packer. APPCode Packer hides and encrypts all Java code of an Android app when the app is built using Appdome. Appdome APPCode Packer can be used stand-alone or in conjunction with TOTALCode Obfuscation and ONEShield app shielding, including Appdome’s Flow Relocation. This makes reversing or infiltrating an Android app even harder and provides Android app developers with defense-in-depth to code protection.

Appdome’s APPCode Packer delivers significant security advantages in Android apps. For example, APPCode Packer eliminates the component hijacking vulnerability in Android apps, shielding Android apps from malicious apps that try to compromise vulnerable components and achieve privilege escalation and information stealing.

Appdome’s APPCode Packer also does not impact app performance, a common side effect of Android Packers. When the app is launched on a user’s device, all of the code is then decrypted as the application loads in order to ensure successful running of the app. For older devices, users can take advantage of an additional new feature called Favor Loading Time sub feature, which can be turned off or on as follows:

  • If OFF, all code will be packed providing the app with maximum security.
  • If ON, Appdome’s Artificial Intelligence Engine, AMI, will automatically detect and optimize encryption and obfuscation of publicly available components to preserve application loading time. This means that open source libraries, where the code is easily available online may not be packed and first run loading time will therefore be much better on older devices.

4 Reasons Why Appdome’s APPCode Packer is Better

As a method, Android packers aren’t new. There are several other solutions that use Android Packers for security. Like other security methods, they require an expert security engineer to implement. So, they are often used by firms that specialize in Android security. App Packers have also been used by hackers and in malware in order to hide malicious code.

Appdome’s APPCode Packer takes the app packer technology and uses it to protect the Android app itself, safeguarding how the app works, its internal logic and the mobile app IP from attack. Appdome’s APPCode Packer is better than legacy app packers:

  1. AppCode Packer is 100% no-code, meaning anyone can implement AppCode Packer in an Android app.
  2. APPCode Packer combines “out-of-the-box” protection with flow relocation, anti-tampering, anti-debugging and obfuscation. Unlike other solutions, Appdome decodes the packed code using obfuscated and tamper-resistant methods, joining several security measures together and hardening the App Packer.
  3. Appdome TOTALData Encryption is very fast and efficient. In fact, when comparing it with other Android Packer solutions, apps encrypted with APPCode Packer load 2-3 times more faster than other Android Packers.
  4. Appdome’s unique “favor loading time” option keeps open source code un-packed. As a result, the first loading time penalty is reduced significantly while still protecting the important business logic of the app, an achievement other Android Packers can’t match.

Recommendations for Android Developers

Keep in mind that Appdome’s mobile app security solution requires no code, no development, and has zero impact on app performance. Appdome’s strong encryption and obfuscation strategy leaves competitors in the dust. And for our customers, implementing this or any other new security feature is as simple as selecting the Toggle Button and clicking the Build My App button.

We hope you try and enjoy using this new capability to secure your Android apps.

About the Author:

Gil heads engineering at Appdome. He's a security engineer, mobile app developer and has fused 1000s of Android and iOS apps.
Scroll Up