Mobile Security Armor (MSA) provides reliable, simple, and effective security protection for mobile applications (hereinafter referred to as App). It enhances the overall security of your App and helps prevent reverse engineering and cracking.
Background
Android application hardening
Because the Android system is open source, applications are vulnerable to attacks such as piracy, decompilation, and cracking. These attacks pose a serious threat to application data and privacy. mPaaS Mobile Security Armor hardens APK or AAB packages and then performs compatibility and functional regression testing on the hardened packages to provide maximum protection against cracking.
iOS application hardening
As cracking and analysis techniques evolve, Apple's built-in security measures, including IPA encryption, are no longer sufficient to meet the security requirements of iOS applications. mPaaS Mobile Security Armor uses a security compiler to harden the core code. This significantly increases the difficulty of reverse analysis and effectively protects against cracking and attacks.
HTML5 application hardening
HTML5 applications must be hardened to comply with mobile security regulations and enhance their security capabilities. mPaaS Mobile Security Armor erases the original execution flow and obfuscates function and variable names. This makes the processed JavaScript code difficult to read and prevents HTML5 applications from being cracked or used without authorization, thereby protecting the rights of HTML5 developers.
HarmonyOS application hardening
With the rapid growth of the HarmonyOS ecosystem, HarmonyOS NEXT native applications face security threats such as code reverse engineering and repackaging. mPaaS Mobile Security Armor provides in-depth protection for HarmonyOS HAP and App packages. It uses techniques such as code obfuscation and SO library hardening. Combined with the features of the HarmonyOS system, it offers multilayer security protection. This effectively defends against attacks such as decompilation and hook injection. It also performs comprehensive compatibility and functional regression testing on hardened applications to ensure the secure and stable operation of HarmonyOS native applications.
Benefits
Simple and out-of-the-box
Harden Android applications by uploading an APK. Harden iOS applications using the Xcode compiler or uploading an IPA. Harden HarmonyOS applications by uploading an HAP or App package. Harden HTML5 applications by uploading a JS file.
High stability and compatibility
Mobile Security Armor is built on Alibaba Cloud's mobile security hardening technology. It has been tested and proven in large-scale services with hundreds of millions of users, such as Taobao. It balances security and compatibility, achieving an extremely low crash rate.
It supports ARM, AARCH64, X86, and X64 architectures. It also supports all system versions from Android 4.2 and later.
The iOS security compiler supports multiple languages and delivers stable performance. It supports all mainstream device models and is compatible with the latest version of Xcode.
Java2C to improve security
Bytecode is converted into native binary code to make it harder to crack. The code is compiled into an SO file that is invoked by the Java Native Interface (JNI). This prevents attackers from using Java reverse analysis techniques.
Enterprise-grade capabilities
It provides OpenAPI capabilities for integration with customer systems, such as Jenkins, to improve automation efficiency. Mobile Security Armor supports hotpatching and is compatible with mainstream solutions, such as mPaaS Hotpatching, Alibaba Cloud Hotpatch, and Tencent Tinker Hotpatch.
Features
The following sections list the hardening features for Android, iOS, HarmonyOS, and HTML5 applications. For more information about these features, see the Terms.
Hardening features for Android applications:
Standard Edition: APK/AAB package hardening and class security hardening.
Professional Edition: Anti-hooking, anti-rooting, anti-emulator, SO hardening, anti-debugging, anti-memory dumping, anti-repackaging, asset file protection, anti-multi-instance, Virtual Machine Protection (VMP), protection against injection attacks, and anti-hijacking.
Hardening features for iOS applications:
Source code hardening: Constant encryption, instruction replacement, control flow flattening, branch falsification, junk and bad instructions, call graph obfuscation, symbol encryption, and pointer encryption.
Package hardening: Anti-jailbreaking, anti-repackaging, anti-proxy, anti-multi-instance, protection against injection attacks, anti-hooking, string encryption, ustring-only encryption, anti-debugging, and UI capture protection (anti-screen recording, anti-screenshot, and anti-screen mirroring).
Hardening features for HarmonyOS applications: Code obfuscation, string encryption, and SO hardening.
Hardening features for HTML5 applications: Expression replacement, constant string encryption, code compression, object key (object domain name) replacement, anti-formatting, anti-debugging, function and variable name obfuscation, JS domain name binding, disable console output, control flow flattening, false control flow, and virtualization protection (VMP).