Protect your customer data and your reputation with our state-of-the-art security
Secure valuable gaming revenue streams & maintain user trust with our Unity integration
Secure your e-commerce revenue & safeguard data by layering mobile app protection
From an attacker’s perspective, targeting a mobile app is similar to laying siege to a castle. They’ll start by analyzing the perimeter of the defenses or castle wall, often using static analysis, to identify potential weak points. Then, they’ll move on to hooking or another dynamic analysis technique to break through the weak point to compromise the app.
Code obfuscation is essentially the outer castle wall, defending against static analysis attempts. Its purpose and mission is to protect the inner workings of the app and, in turn, its potential weak points. Implementing multiple layers of defenses can stop attackers in their tracks and prevent them from easily exploiting the mobile application.
In this post, we’ll discuss the benefits of implementing multi-layered obfuscation. We’ll also cover some of the most common types of obfuscation and a few techniques specific to the Android and iOS platforms.
At Guardsquare, our team of security experts is constantly researching the mobile threat landscape. Part of this research extends to understanding how companies are protecting their mobile applications. A mistake we commonly see is mobile app publishers relying on only one obfuscation technique.
We recognize two primary reasons mobile app developers aren’t implementing multi-layered obfuscation:
While inadequate obfuscation may be putting mobile app publishers at risk, the good news is that implementing multiple layers of obfuscation can significantly improve their mobile app’s security posture without impacting app performance.
The key to implementing effective obfuscation is reinforcing the app with multiple obfuscation techniques. But here’s where and why that matters: the individual techniques reinforce each other. Here are some of the most important types of obfuscation:
Along with the previous types of obfuscation – which are some of the most common techniques – there are certain tactics that can only be implemented on a particular platform.
Guardsquare’s DexGuard and iXGuard solutions are built to fortify apps with multiple layers of obfuscation. Along with implementing a wide range of obfuscation types, Guardsquare is constantly adding new techniques to improve the effectiveness of the hardening measures. By going both deeper and wider, comprehensive obfuscation can effectively prevent static analysis attempts.
In addition, AppSweep is a mobile app security testing solution that can detect potential weaknesses in an app before attackers can. Built on the ProGuard open source technology, Guardsquare is continuously improving the tool to better evaluate and identify potential pitfalls that could be further exploited with both static and dynamic analysis.