Much like an artist deconstructs and analyzes a masterpiece to comprehend the methods used by the original creator, an attacker dissects code to unravel its intricacies. Reverse engineering a mobile application involves analyzing the compiled app to extract details about its source code. The primary objective of this process is to gain a comprehensive understanding of the code, which brings with it the threat of intellectual property theft or the creation of fraudulent app versions for malicious purposes.
Reverse engineering should not be confused with tampering which, on the other hand, refers to the act of modifying a mobile app—be it the compiled app itself or its ongoing processes or environment—to influence its behavior. For instance, if an app refuses to operate on your rooted test device, hindering certain tests that you need to run, you may need to make adjustments to, or tamper with, the app's behavior in such scenarios.
Reverse engineering can be broadly classified into static and dynamic analysis.
Static analysis examines compiled code without running the application. In this process, attackers use static code analyzers (software that examines the code) to look for weaknesses.
An attacker can have diverse objectives. Some examples could be:
Harvesting valuable data involves searching for hard-coded or plain-text information with the risk being unauthorized access to sensitive data. Understanding app permissions and interactions through static analysis is crucial for exploiting data sharing, potentially leading to leaks or enabling malware creation. Intelligence gathering on the app's code aims to modify, bypass security controls, or alter workflows.
The steps to analyze an application statically often include the use of decompilers and disassemblers to extract or disassemble the compiled app. The recovered source code is then analyzed either manually or automatically using a tool. For example, on Android, this involves extracting or disassembling compiled APKs with Android decompilers such as JADX, Bytecode Viewer, JAD, CFR, etc.
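Because hard-coded and plain-text values are what this kind of analysis recovers first, a release build can be audited for them before it ships. The following is an added example, not Guardsquare's code: it assumes you have the decompiled source text of your own build (for instance JADX output), and the rule names, thresholds and sample class are constructed for illustration.

```python
import math
import re

# Publicly documented credential formats.
KNOWN_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "google_api_key": re.compile(r"\bAIza[0-9A-Za-z_\-]{35}\b"),
    "pem_private_key": re.compile(r"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----"),
}
# Java/Kotlin string literals, as they appear in decompiler output.
STRING_LITERAL = re.compile(r'"((?:[^"\\]|\\.)*)"')
SUSPICIOUS_NAME = re.compile(r"secret|passw(?:or)?d|token|api_?key", re.I)


def shannon_entropy(s):
    """Bits per character; random keys score high, words and URLs low."""
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def scan_source(text, min_len=20, min_entropy=4.3):
    """Return sorted (line_no, rule) findings for one decompiled source file."""
    findings = set()
    for no, line in enumerate(text.splitlines(), 1):
        for rule, pat in KNOWN_PATTERNS.items():
            if pat.search(line):
                findings.add((no, rule))
        for lit in STRING_LITERAL.findall(line):
            if any(p.search(lit) for p in KNOWN_PATTERNS.values()):
                continue  # already reported under a specific rule
            if SUSPICIOUS_NAME.search(line.replace(lit, "")) and len(lit) >= 8:
                findings.add((no, "named_secret_literal"))
            elif len(lit) >= min_len and shannon_entropy(lit) >= min_entropy:
                findings.add((no, "high_entropy_literal"))
    return sorted(findings)


# Constructed sample resembling decompiler output; all values are fake.
SAMPLE = '''public final class Config {
    static final String BASE_URL = "https://api.example.invalid/v1/";
    static final String AWS_ID = "AKIAABCDEFGHIJKLMNOP";
    private static final String dbPassword = "hunter2-prod!";
    static final String a = "q7Zx9Lm2Vb4Tn8Rk1Wc5Yd3Hf6Jg0Ps";
    static final String GREETING = "Welcome back to the application";
}'''

if __name__ == "__main__":
    for line_no, rule in scan_source(SAMPLE):
        print(f"line {line_no}: {rule}")
```

The last finding comes from a field that name obfuscation has already renamed to `a`: renaming identifiers does not hide the literal itself, which is why the entropy rule is applied independently of the variable name.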
Dynamic analysis involves analyzing a mobile app by actively running its binary and observing it to identify weaknesses or vulnerabilities.
Unlike static analysis, which may struggle to uncover certain data storage issues, dynamic analysis readily exposes persistently stored information and assesses the adequacy of its protection. Dynamic analysis can reveal many insights; a few examples include:
Application assessment can take various forms, including side-loading, re-packaging, or direct attacks on the installed version.
Attackers have a wide range of tools at their disposal to allow them to carry these out. Two major categories include debuggers and hooking tools:
Utilizing tools for debugging involves extracting .class files from the deployed application during runtime. Examples of commonly used tools are ADB, Frida, and JDWP. JDWP, for example, is extensively employed for real-time app debugging through standard IDEs. JDWP offers several commands to:
Monitoring HTTP requests and responses is a prevalent method for detecting potential exposure of sensitive information to APIs, granting additional access, or revealing details about backend servers. Network monitoring tools facilitate the logging of all requests and responses, either from the device or a specific IP address.
Defending against static and dynamic analysis and attacks necessitates a multi-layered security approach. Guardsquare provides comprehensive protection for mobile applications, effectively defending them against both static and dynamic analysis and potential attacks. The integration of Guardsquare's solutions seamlessly aligns with development processes, augmenting Android and iOS applications and SDKs with multiple layers of protection.
Through the implementation of multiple layers of different obfuscation techniques and encryption, both automated and manual static analysis become challenging and cost-intensive. The primary objective of obfuscation is to increase the intricacy of understanding code from a static analysis perspective. Various obfuscation techniques, including encryption and the implementation of Runtime Application Self-Protection (RASP), contribute to establishing multilayered protection essential for mitigating dynamic threats.
For dynamic analysis threats, Guardsquare adopts a RASP (Runtime Application Self-Protection) solution. RASP mechanisms actively monitor the integrity of applications and their environments in real time. A comprehensive mobile app security strategy should incorporate RASP to thwart attackers aiming to analyse your app's functionality for reverse engineering and compromise.
Among others, RASP can detect the following essential runtime checks:
Developers can seamlessly integrate RASP checks into their app's code using DexGuard and iXGuard, ensuring the inclusion of protection mechanisms while maintaining the flexibility to exclude specific code sections for optimized performance. By harnessing DexGuard and iXGuard to inject unique RASP checks with each new build, coupled with continuous monitoring through ThreatCast, your app's security posture is maximized, safeguarding your application against sophisticated threats.