Mobile Security Armor (MSA) provides stable, simple, and efficient security protection for mobile apps. The service improves the overall security of apps, protecting the apps from being reverse-cracked.
Background
Security hardening for Android apps
The Android system is open source. Therefore, Android apps are extremely vulnerable to attacks such as piracy and reverse engineering. This severely affects the data and privacy security of the apps. mPaaS MSA hardens APK and AAB packages and performs compatibility testing and functional regression testing on the hardened APK and AAB packages. MSA protects the apps from being cracked.
Security hardening for iOS apps
As cracking and analysis technologies keep evolving, the built-in security protection measures of the iOS system, including IPA encryption, can no longer meet the security requirements of iOS apps. mPaaS MSA hardens the core code by using a secure compiler, to greatly increase the difficulty of reverse analysis and effectively prevent cracking and attacks.
Security hardening for HTML5 apps
To meet the regulatory requirements of mobile security and improve security capabilities, HTML5 apps has an inevitable need for security hardening. mPaaS MSA erases the original running processes and obfuscates function names and variable names, making the processed JavaScript code difficult to read. This prevents the HTML5 apps from being cracked and stolen and protects the legitimate rights and interests of HTML5 developers.
Benefits
Simple operation, ready to use right out of the box
Android apps can be hardened by uploading APK files. The iOS apps can be hardened by using the Xcode compiler. HTML5 apps can be hardened by uploading JS files.
High stability and compatibility
MSA is based on the mobile security hardening technologies provided by Alibaba Cloud. MSA has been proven by hundreds of millions of transactions in the Taobao ecosystem. This service ensures both high security and high compatibility and delivers low crash rates. MSA supports ARM, AARCH64, X86, X64, also supports Android 4.2 and above full-line system version. The iOS security compiler supports multiple languages and provides stable performance.
Java2C, improve security protection level
Bytecode is converted into native binary code to increase the difficulty of code cracking. The code is compiled into a .so file that can be called by JNI, which prevents attackers from reverse analyzing the Java code.
Enterprise-level capability support
OpenAPIs of MSA are provided to facilitate integration with customer systems such as Jenkins and improve automation efficiency. MSA can be used with the hotfix feature and supports mainstream hotfix capabilities, including mPaaS hotfix, Alibaba hotfix, and Tencent Tinker hotfix.
Features
MSA provides the following hardening capabilities for Android apps, iOS apps, and HTML5 apps. For more information about hardening capabilities, see Terminology.
Security hardening capabilities for Android apps include hardening on APK and AAB packages and hardening on classes.
Security hardening capabilities for iOS apps include constant encryption, instruction replacement, control flow flattening, branch forgery, junk instruction and bad instruction injection, call graph obfuscation, symbolic encryption, and pointer encryption.
Security hardening capabilities for HTML5 apps include expression replacement, constant string encryption, code compression, object key name (object domain name) replacement, anti-formatting, anti-debugging, function variable name confusion, JS domain name binding, prohibiting console output, control flow flattening, fake control flow, Virtual Machine Protection (VMP).