Application security hardening strengthens the entire application and its core classes. This topic describes how to create a hardening task.
Mobile Application Security supports hardening the following objects:
The entire APK/AAB: Provides anti-decompilation protection, DEX file shell protection, DEX file tamper-proofing, white-box attack prevention, shell encryption algorithm protection, anti-debugging protection, memory tamper-proofing, anti-hooking protection, anti-emulator protection, APK/AAB anti-repackaging protection, and memory dump prevention.
Core classes: Obfuscates Java code to hide the actual execution flow. This prevents decompilation by tools such as jadx-gui and jeb, making the hardened code difficult to read.
.so files: Encrypts .so files to make them more difficult and costly to crack.
Asset files: Encrypts asset resource files to meet regulatory requirements.
Hardening the entire APK/AAB is required. Hardening core classes, .so files, and Asset files is optional. You can select optional hardening items as needed.
Prerequisites
Before you begin, ensure the application that you want to harden meets the following requirements:
The file format must be .apk or .aab.
The application must not be hardened. Mobile Application Security does not support hardening an application that has already been hardened.
The APK/AAB package must be signed. This is required because the hardening process includes anti-repackaging protection, which relies on the original signature.
If you want to harden the Asset files in the application, ensure that minSdkVersion is 21 or higher, which corresponds to Android 5.0 or later.
The APK/AAB size must be 300 MB or less.
After you purchase the service, the package name of the first application you harden is automatically bound to the service. After binding, you can only harden applications that have this package name. The package name cannot be changed after it is bound. This restriction does not apply during the trial period.
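A local pre-upload check for the format, size, and signature prerequisites above. This is an added example, not part of the mPaaS tooling: the function names are hypothetical, and it only detects that a signature is present (a JAR signature file in META-INF, or the APK Signing Block used by signature schemes v2 and later). It does not verify the signature, read minSdkVersion, or detect an already hardened package.

```python
import os
import struct
import zipfile

MAX_BYTES = 300 * 1024 * 1024            # page limit: 300 MB or less
V1_SIG_SUFFIXES = (".RSA", ".DSA", ".EC")
SIG_BLOCK_MAGIC = b"APK Sig Block 42"    # last 16 bytes of the APK Signing Block

def has_v1_signature(path):
    """True if META-INF contains a JAR signature block file (also used by .aab)."""
    with zipfile.ZipFile(path) as zf:
        return any(n.upper().startswith("META-INF/") and n.upper().endswith(V1_SIG_SUFFIXES)
                   for n in zf.namelist())

def has_signing_block(path):
    """True if the signing block magic sits directly before the ZIP central directory."""
    with open(path, "rb") as f:
        f.seek(0, os.SEEK_END)
        size = f.tell()
        tail_len = min(size, 22 + 65535)  # EOCD record plus maximum comment length
        f.seek(size - tail_len)
        tail = f.read(tail_len)
        eocd = tail.rfind(b"PK\x05\x06")  # end-of-central-directory signature
        if eocd < 0 or eocd + 20 > len(tail):
            return False
        cd_offset = struct.unpack_from("<I", tail, eocd + 16)[0]
        if cd_offset < 16:
            return False
        f.seek(cd_offset - 16)
        return f.read(16) == SIG_BLOCK_MAGIC

def preflight(path, max_bytes=MAX_BYTES):
    """Return a list of prerequisite problems; an empty list means the checks passed."""
    problems = []
    if not path.lower().endswith((".apk", ".aab")):
        problems.append("file format must be .apk or .aab")
    if os.path.getsize(path) > max_bytes:
        problems.append("package exceeds the size limit")
    if not zipfile.is_zipfile(path):
        return problems + ["not a valid ZIP container"]
    if not (has_v1_signature(path) or has_signing_block(path)):
        problems.append("no signature found; sign the package before upload")
    return problems

if __name__ == "__main__":
    import sys
    for p in sys.argv[1:]:
        print(p, preflight(p) or "OK")
```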
Procedure
Follow these steps to create a hardening task.
Go to the mPaaS console and select your target application from the list.
In the left navigation pane, click Security > Mobile Security Armor > Android application security hardening.
Click Create Security Hardening to go to the Upload Application to Be Hardened page.
Click Upload Application to upload the installation package. You can click Cancel Upload during the upload process. If you cancel, the Upload application to be hardened page returns to its initial state.
Note: If the uploaded APK/AAB does not meet the requirements, the upload fails. In this case, click Re-upload. The Upload Application to Be Hardened page returns to its initial state.
After the upload is successful, the Confirm Security Hardening Information page appears. On this page, complete the following steps:
Confirm Application Information: View the App information in the Application Information column.
The name of the App.
The name of the specified App package.
The version of the App.
App Size
Confirm the hardening information: In the Hardening Information section, view the overall hardening service provided for the APK/AAB.
Shell protection
AndroidManifest file tamper protection
Signature File Protection
Anti-debugging protection
Anti-native App debugging
Anti-memory dump protection
Anti-simulator running protection
Anti-Root Device Operation Protection
Anti-memory data read protection
Protection against in-memory data modification
Hook attack protection
Protection against memory code injection
Select Shell Mode: By default, Quick Mode is selected.
Quick Mode: An App shelled in this mode starts faster than one shelled in Compatibility Mode. However, the App may crash on some Android models.
Compatibility Mode: An App shelled in this mode starts slower than one shelled in Quick Mode, but it has higher compatibility.
Note: We recommend that you use Compatibility Mode to shell Apps.
Add Classes for Security Protection: Optional. Select the classes that you want to harden.
Optional. Enter a class name and click Search to search for the class. We recommend that you enter a complete class name. If a search returns more than 1000 class names, the platform cannot display the results. In this case, enter a complete class name and search again.
Click the check box next to the target class to select it. You can select multiple classes, up to a maximum of 300.
Note: The name of each selected class appears below the search box. Click × to deselect the corresponding class.
Select So File to Protect: Select the So file that needs to be hardened.
Enter a keyword in the name of the So file and click Search to search for the file.
Click the check box before the So files to be hardened to select one or more target So files.
Important: We recommend that you do not select third-party So files for hardening. Hardening a third-party So file does little to improve App security and is prone to compatibility issues.
Select Assets File: Select the assets file that you want to protect.
Enter a keyword in the name of the Assets file and click Search to search for the file.
Click the check box before the assets file to be hardened to select one or more assets files.
Click Confirm to harden the App. If the Application Hardening message appears, the task is created. Click View Hardening List to go to the Application Security Hardening page. The card of the current task is added to the list. In the card, you can view the hardening progress of the task and download the APK/AAB after hardening.