Key features

Last Updated: Apr 12, 2017

Alibaba Cloud Mobile Security supports vulnerability scan and app hardening, with the following features.

Quick application vulnerability detection

  • Static vulnerability detection

    • Scans and locates vulnerabilities statically and performs taint analysis to retrieve accurate variable values.

    • Analyzes and tracks vulnerabilities at the granularity of the register.

  • Dynamic vulnerability detection

    Scans and locates vulnerabilities dynamically and performs Fuzz testing to restore the real Android environment and obtain accurate results.

Application vulnerabilities resolution

Provides a complete remedial solution for your mobile application based on the scan results.

Advanced security with application hardening

  • Applies various methods such as re-encoding, shelling, and modifying the command calling sequence to enhance the anti-cracking capability of your application.

  • Employs techniques that focus on application hardening intensity, while maintaining the compatibility of your application.

Core application hardening techniques

Mainstream static analysis tool prevention, which effectively prevents hackers from using static analysis tools such as APKTool, dex2jar, and JEB to analyze applications’ Java-layer code.

  • SO shelling

    Shells the SO file to effectively prevent malicious users from using tools, such as IDA and readelf, to analyze SO file logic.

  • DEX shelling

    • Shells the DEX file by using loading and remedial techniques during dynamic running.

    • Prevents hackers from dumping the Java-layer code memory.

  • Constant encryption

    • Encrypts plaintext constant strings in the DEX file.

    • Uses the dynamic decryption feature to decrypt strings during runtime, increasing the difficulty in reverse analysis.

  • Java command translation

    • Modifies the calling relationship link of the service logic at the Java layer.

    • Ensures protection of the Java-layer code from hackers by not allowing access to the entire service logic.

  • Java execution simulation

    • Detaches commands from the DEX file and simulates execution in a user-defined execution environment.

    • Effectively prevents malicious users from access to a dump of Java-layer code using commands.

Thank you! We've received your feedback.