To apply security on APP I developed 1 - Analyze APP

teamliapp

LIAPP

Posted on May 16, 2023

To apply security on APP I developed 1 - Analyze APP

The application of the LIAPP is divided into three steps.

(1) Analyze APP
(2) Apply Security
(3) Download and Distribution

(1) ‘Analyze APP’

Image description
This is a very useful step for people who don’t know what security options to apply to their APP.
Click the ‘NEW APP’ button on the left side of the LIAPP site to easily enter the ‘Analyze APP’ step, as shown below.

[ OS ]
It distinguishes whether the app has been developed for Android or iOS.

[ NAME ]
This field is entered the name of the app for your convenience.
Finally, drag & drop app files or select files(android : .apk, iOS : .IPA) and click the ‘GO’ button to start an app analysis and appear the selectable options by user among the suitable security options.

[ 1st step : select class to protect ]

Image description

The first page is a page you can select the important classes you want to protect within the app.
When entering this page, LIAPP analogizes the class to be initially protected and suggests basically.
Once set. LIAPP will encrypt the selected class within the app in the next ‘Apply Security’ step and encrypts the important/critical string declared internally.

Class encryption and important/critical string encryption are one of the most important functions for protecting apps.
These functions may not leak important functions and information from hackers or competitors by not exposing POST values, URLs, account information, and other extremely important information declared by the app during development.

Please note that Class encryption is one of the most resourse-intensive tasks when running apps.
Therefore, it is not recommended to select classes that will not need to be protected by the fact that the more classes you choose, the slower the app will be initially driven.
Class that you don’t need to protect.

The basic classes provided by Android, or 3rd party sdk downloaded and used externally, are not important properties of the company, so it is effective in execution.

Image description

The second page is for customers who use the ‘google play app signing’ system provided by Google market.
Using google play app signing is to avoid detection of the anti-tamper function of the LIAPP because a new signing is made by using the signing key registered with google , rather than the last one you signed and some internal files are also changed.
If you don’t use the ‘google play app signing’ system, you can proceed to the next step without selecting the appropriate part.

[ 3rd step : JNI NATIVE FILE PROTECTION ]

Image description
The third page is a function that protects the JNI NATIVE LIBRARY used by the app.
Select any file in the list that you want to protect and it will be encrypted and stored in the app to prevent malicious analysis.
If you are not using JNI NATIVE LIBRARY, the page does not appear.

[ 4th step : UNITY Protection ]

Image description

The fourth page is for users who have developed apps using UNITY.
Click the check box to encrypt and protect the sensitive code of the user created by UNITY.

This concludes all the procedures for app analysis.
It’s a little bit longer to explain the precautions and the actions actually being protected by the LIAPP, but if you go ahead, you’ll see a few clicks that ends very quickly.

If you want to learn details about it, visit LIAPP’s website @ https://liapp.lockincomp.com/blog/

💖 💪 🙅 🚩
teamliapp
LIAPP

Posted on May 16, 2023

Join Our Newsletter. No Spam, Only the good stuff.

Sign up to receive the latest update from our blog.

Related