Once a mobile app is publicly released, attackers can inspect it for exploitable coding errors and vulnerabilities. Zimperium’s zShield hardens and protects the app with advanced obfuscation and anti-tampering functionality to limit attacks such as reverse engineering, piracy, removing ads, extracting assets, extracting API keys and repackaging with malware.
zShield hardens and protects your apps in three primary ways:
To prevent reverse engineering attempts utilizing static analysis, zShield deploys numerous code hardening techniques to obfuscate code visibility. Two techniques of many are Name Obfuscation and Control Flow Obfuscation:
Unlike other solutions that rely upon manual pen testing to demonstrate effectiveness and have no active reporting, zShield provides immediate and on-going reporting on hacking attempts.
zShield reports app tampering events into Zimperium’s administration and reporting dashboard, zConsole, and offers comprehensive forensics. zShield protects your apps against dynamic analysis and live attacks using various runtime self-protection mechanisms like SSL pinning, hook detection and certificate checks.
zShield transparently integrates into your build process and requires no changes to your source code. It provides plugins for all common build tools and development environments like Gradle, Android Studio, Ant, Eclipse, Maven, and custom builds.
After your app is optimized and obfuscated with zShield, it will report hacking and tampering attempts directly into your Zimperium console and can be easily integrated with your security information and event management (SIEM) system for further analysis and action.
“Security and risk management leaders must take due care in protecting their application clients to avoid turning a promising software design trend into a security failure.”
– Gartner’s Market Guide for In-App Protection Report (July 3, 2019; Dionisio Zumerle and Manjunath Bhat)
Copyright © 2020 Ameritec All Rights Reserved