Alibaba Cloud Mobile Security supports vulnerability scan and app hardening, with the following features.
Static vulnerability detection
Scans and locates vulnerabilities statically and performs taint analysis to retrieve accurate variable values.
Analyzes and tracks vulnerabilities at the granularity of the register.
Dynamic vulnerability detection
Scans and locates vulnerabilities dynamically and performs Fuzz testing to restore the real Android environment and obtain accurate results.
Provides a complete remedial solution for your mobile application based on the scan results.
Applies various methods such as re-encoding, shelling, and modifying the command calling sequence to enhance the anti-cracking capability of your application.
Employs techniques that focus on application hardening intensity, while maintaining the compatibility of your application.
Mainstream static analysis tool prevention, which effectively prevents hackers from using static analysis tools such as APKTool, dex2jar, and JEB to analyze applications’ Java-layer code.
Shells the SO file to effectively prevent malicious users from using tools, such as IDA and readelf, to analyze SO file logic.
Shells the DEX file by using loading and remedial techniques during dynamic running.
Prevents hackers from dumping the Java-layer code memory.
Encrypts plaintext constant strings in the DEX file.
Uses the dynamic decryption feature to decrypt strings during runtime, increasing the difficulty in reverse analysis.
Java command translation
Modifies the calling relationship link of the service logic at the Java layer.
Ensures protection of the Java-layer code from hackers by not allowing access to the entire service logic.
Java execution simulation
Detaches commands from the DEX file and simulates execution in a user-defined execution environment.
Effectively prevents malicious users from access to a dump of Java-layer code using commands.