Mobile Security Armor (MSA) provides stable, simple, and efficient security protection for mobile Apps. The service improves the overall security of Apps, protecting the Apps from being reverse-cracked.
Background
Security hardening for Android Apps
Due to the open-source nature of the Android system, Apps are highly vulnerable to piracy, decompilation, and other attacks, severely impacting App data and privacy security. mPaaS mobile App security hardening strengthens APKs or AAB packages and performs compatibility and functional regression testing on the hardened APK/AAB packages, maximizing the protection of Apps from cracking.
Security hardening for iOS Apps
As cracking and analysis technologies keep evolving, the built-in security protection measures of the iOS system, including IPA encryption, can no longer meet the security requirements of iOS Apps. mPaaS MSA hardens the core code by using a secure compiler, to greatly increase the difficulty of reverse analysis and effectively prevent cracking and attacks.
Security hardening for HTML5 Apps
To meet the regulatory requirements of mobile security and improve security capabilities, HTML5 Apps has an inevitable need for security hardening. mPaaS MSA erases the original running processes and obfuscates function names and variable names, making the processed JavaScript code difficult to read. This prevents the HTML5 Apps from being cracked and stolen and protects the legitimate rights and interests of HTML5 developers.
Benefits
Simple operation, ready to use right out of the box
Android is hardened by uploading the APK; iOS supports hardening by the Xcode compiler and uploading the IPA; HTML5 is hardened by uploading the JS file.
High stability and compatibility
MSA is based on the mobile security hardening technologies provided by Alibaba Cloud. MSA has been proven by hundreds of millions of transactions in the Taobao ecosystem. This service ensures both high security and high compatibility and delivers low crash rates.
MSA supports ARM, AARCH64, X86, X64, also supports Android 4.2 and above full-line system version.
The iOS security compiler supports multiple languages and provides stable performance.
Java2C, improve security protection level
Bytecode is converted into native binary code to increase the difficulty of code cracking. The code is compiled into a .so file that can be called by JNI, which prevents attackers from reverse analyzing the Java code.
Enterprise-level capability support
OpenAPIs of MSA are provided to facilitate integration with customer systems such as Jenkins and improve automation efficiency. MSA can be used with the hotpatch feature and supports mainstream hotpatch capabilities, including mPaaS hotpatch, Alibaba hotpatch, and Tencent Tinker hotpatch.
Features
The following section lists the hardening capabilities supported for Android App security hardening, iOS App security hardening, and HTML5 App security hardening. For detailed explanations of the hardening capabilities, please refer to Terminology.
Android App security hardening provides:
Standard version: APK/AAB package hardening, class security hardening.
iOS App security hardening provides:
Source code hardening: constant encryption, instruction replacement, control flow flattening, branch forgery, junk and bad instructions, call graph obfuscation, symbol encryption, and pointer encryption.
HTML5 App security hardening provides:
Expression substitution, constant string encryption, code compression, object key name (object domain name) replacement, unformatting, anti-debugging, function variable name obfuscation, JS domain name binding, disabling console output, control flow flattening, fake control flow, and virtualization protection (VMP).