Leuven (Belgium), Febr. 17, 2016 – Guardsquare, the leading expert in mobile application protection, adds pluggable encryption to DexGuard, its state-of-the-art security software for Android applications. This patent-pending feature enables DexGuard users to plug in proprietary algorithms for the encryption and decryption of their application’s code and resources.
In our increasingly mobile world, DexGuard provides critical protection against the abuse of Android applications and SDKs. It shields mobile applications and SDKs from reverse engineering and all kinds of hacking attacks (cloning, key extraction, license bypassing, man-in-the-middle attacks, tampering, theft of intellectual property etc.), thereby guarding their publishers from reputational and financial damage. The protection applied by DexGuard hinges on two, mutually reinforcing, approaches. First of all, DexGuard protects the source code of the application or the SDK against static analysis using a variety of obfuscation and encryption techniques. Secondly, DexGuard enhances the application to shield it from active analysis and live attacks. Read more about the protection DexGuard offers on www.guardsquare.com/dexguard.
For the encryption of the source code, DexGuard – like other cryptographic software – follows Kerckhoffs’s principle: it relies on the strength and secrecy of the cryptographic key to ensure the security of the encryption. To reinforce this tried and tested approach, Guardsquare has decided to give the users of DexGuard the ability to plug in proprietary algorithms for the encryption and decryption of strings, resources, assets and native libraries. Thanks to pluggable encryption, as the newly introduced feature is named, the DexGuard user can make sure that the encryption of his application or SDK is radically different from the encryption of any other DexGuard protected application or SDK. The user can even choose to use different algorithms to encrypt different levels and/or parts of his application. The protection of his application then not only relies on the variability and strength of the cryptographic key – the piece of information that determines how a particular input is processed by a particular algorithm – but also by the variability of the algorithm itself.
Eric Lafortune, CTO of Guardsquare, explains: “By allowing DexGuard users to write and use their own cryptographic algorithms, we introduce an additional element of unpredictability in the equation. This makes it much more difficult for hackers to fall back on their knowledge of the protection of other applications or parts of the application’s code while reverse engineering. Interestingly, customers that make use of this possibility do not only reinforce the protection of their own applications and SDKs but also contribute to the overall security of the mobile ecosystem. The more variability there is in terms of encryption and obfuscation, the harder it becomes to tamper with any protected application.”
An additional advantage of pluggable encryption is that it allows developers to better balance security and performance needs. In principle, the implementation of security measures affects the performance of the protected application in a negative manner. DexGuard already counters the negative impact of encryption through code optimization and shrinking. But pluggable encryption makes it possible to better differentiate the applied protection: critical parts of the application can be encrypted and decrypted using complex but more demanding algorithms, while less critical parts can be secured using less elaborate ones. In this regard, pluggable encryption is an invaluable tool for the development of applications that are both secure and user-friendly.
Heidi Rakels, CEO of Guardsquare, explains that the introduction of pluggable encryption is entirely in keeping with Guardsquare’s policy to give maximal control to its customers. “We have always strived to offer DexGuard users as much control as possible over the protection of their own applications. The newly added feature of pluggable encryption opens new possibilities for customization. It is a crucial asset in the battle against application abuse, but it also gives our customers the ability to better adapt the applied protection to their security and performance requirements.”
Guardsquare's CFO, Jürgen Ingels, is convinced that the introduction of pluggable encryption is a veritable game changer: “At Guardsquare, we strongly believe that the kind of customization enabled by pluggable encryption will be of crucial importance for the future development of mobile application protection. That is the reason why we were so eager to file a patent application for this novel technology.”
Guardsquare protects apps while making them faster and smaller. Guardsquare’s open source solution ProGuard is included in software development kits by Oracle, Intel and Google. It has been downloaded tens of millions of times since its release in 2002 and has a user community of over one million developers. Building on the success of ProGuard, Guardsquare offers DexGuard, a state-of-the-art solution for the protection of Android applications against reverse engineering and hacking attacks. Guardsquare is based in Leuven (Belgium) and is currently setting up offices in Asia, the Middle East and North-America. Its client base spans a broad range of industries, from telecommunication, e-commerce and financial services to gaming and new media.
Read more about Guardsquare on www.guardsquare.com.