Ivan has posted 22 posts at DZone. View Full User Profile

DexProtector 4.6.0 with Android 4.4 Support Released

11.11.2013
| 945 views |
  • submit to reddit

Licel LLC has announced today the availability of the new version of its application security solution designed specifically for developers targeting the Android platform. DexProtector 4.6 fights malicious application repackaging and intellectual property theft by encrypting critical application data and scattering numerous integrity checks across its code.

According to multiple studies, the majority of Android malware consists of repackaged legitimate apps. The ease of decompiling Android binaries has created an abundance of free reverse engineering tools, enabling hackers to submit modified versions of popular Google Play applications to third-party marketplaces. Whether those hackers plant backdoors or malicious payloads into the code of those applications, or simply re-route ad revenues, these actions not only deprive the original authors of income streams, but also hurt their reputation and the reputation of third-party marketplaces.

DexProtector provides the original authors and publishers with multiple options to protect their Android applications:

  • Encrypt application data such as strings and assets
  • Encrypt application classes
  • Hide method calls
  • Verify application integrity at run time

Integrity control is always enabled. DexProtector injects multiple snippets of cross-checking code across the entire binary, so any subsequent modification of the code would make the application stop functioning. Other options can be turned on/off completely, or enabled selectively for particular classes or even particular strings.

Compared to other Android app protections solutions available on the market, DexProtector requires little to no configuration and avoids making potentially unsafe changes such as name or control flow obfuscation. "We have run the Google Play Top-10 apps through DexProtector with default settings," said Ivan Kinash, Licel CEO and Founder, "and they all kept working just fine."

DexProtector can be run standalone, either in GUI or command-line mode. An Ant task and a Maven plugin are readily available for integrating DexProtector into the build process.

DexProtector 4.6 is available immediately for evaluation and purchase at its dedicated Website, http://dexprotector.com. A fully functional 15-day trial license is provided. DexProtector is licensed per seat, i.e. a separate license is required for each developer workstation or build server. The single-seat license price of $500 includes one year of technical support, renewable annually at a fraction of a new license price. The license itself is perpetual. Volume pricing is available on request.

What is new in 4.6?

  • Android 4.4 (KitKat) and Android SDK r22.3 support
  • A new parameter DX_MEM for setting a memory amount to be used by Android Tools
  • The ClassEncryption and HideAccess features are improved
  • StringEncryption feature’s performance is sped up

About Licel

Founded in 2011 by a group of engineers with a strong track record in the development of secure IT systems for industries such as banking and healthcare, Moscow-based Licel LLC (www.licel.ru) creates application protection solutions for Java and Android platforms. Its open source project jCardSim (http://jcardsim.org), a Java Card simulator, has won the 2013 Duke's Choice Award.
0
Published at DZone with permission of its author, Ivan Kinash.

(Note: Opinions expressed in this article and its replies are the opinions of their respective authors and not those of DZone, Inc.)