Licel LLC has announced today the availability of the new version of its application security solution designed specifically for developers targeting the Android platform. DexProtector 4.6 fights malicious application repackaging and intellectual property theft by encrypting critical application data and scattering numerous integrity checks across its code.
According to multiple studies, the majority of Android malware consists of repackaged legitimate apps. The ease of decompiling Android binaries has created an abundance of free reverse engineering tools, enabling hackers to submit modified versions of popular Google Play applications to third-party marketplaces. Whether those hackers plant backdoors or malicious payloads into the code of those applications, or simply re-route ad revenues, these actions not only deprive the original authors of income streams, but also hurt their reputation and the reputation of third-party marketplaces.
DexProtector provides the original authors and publishers with multiple options to protect their Android applications:
- Encrypt application data such as strings and assets
- Encrypt application classes
- Hide method calls
- Verify application integrity at run time
Integrity control is always enabled. DexProtector injects multiple snippets of cross-checking code across the entire binary, so any subsequent modification of the code would make the application stop functioning. Other options can be turned on/off completely, or enabled selectively for particular classes or even particular strings.
Compared to other Android app protections solutions available on the market, DexProtector requires little to no configuration and avoids making potentially unsafe changes such as name or control flow obfuscation. "We have run the Google Play Top-10 apps through DexProtector with default settings," said Ivan Kinash, Licel CEO and Founder, "and they all kept working just fine."
DexProtector can be run standalone, either in GUI or command-line mode. An Ant task and a Maven plugin are readily available for integrating DexProtector into the build process.
DexProtector 4.6 is available immediately for evaluation and purchase at its dedicated Website, http://dexprotector.com. A fully functional 15-day trial license is provided. DexProtector is licensed per seat, i.e. a separate license is required for each developer workstation or build server. The single-seat license price of $500 includes one year of technical support, renewable annually at a fraction of a new license price. The license itself is perpetual. Volume pricing is available on request.
What is new in 4.6?
- Android 4.4 (KitKat) and Android SDK r22.3 support
- A new parameter DX_MEM for setting a memory amount to be used by Android Tools
- The ClassEncryption and HideAccess features are improved
- StringEncryption feature’s performance is sped up