Thursday, February 22, 2024

AppCAMO provides Frida Detection for iOS App, which detects API hooking and memory hacking

 

The app shielding solution AppCAMO-iOS strongly protects iOS apps from threats that may occur at runtime. It provides RASP (Runtime Application Self-Protection) such as jailbreak detection, debugger detection, and emulator detection, and also provides additional RASP that detects Hestia Tweak and Shadow Tweak, which bypass jailbreak detection, and the hacking tool Frida.

 

This post explains that AppCAMO-iOS provides technology to detect Frida, the most widely used and powerful hacking tool among hackers.

Fig.1 App Security Solution AppCAMO-iOS Features












Frida is a Dynamic Binary Instrumentation (DBI) framework that can monitor and modify the behavior of running apps, which makes it possible to decrypt the encrypted source code of apps, hook APIs, bypass jailbreak detection, and more. Frida is relatively easy to use and powerful, so it is often used both when diagnosing vulnerabilities in mobile apps and when hackers attempt attacks.

Fig.2 FRIDA Logo

Hackers or attackers can use scripts written for Frida to find vulnerabilities in iOS apps and make the apps perform the functions they want, putting iOS apps at risk.

Frida can be used to bypass jailbreak detection in iOS apps, and there are various ways to detect it: Frida library detection, Frida server detection, Frida binary detection, Frida segment detection, and so on. Two of these methods that are available on GitHub are as follows.

Check whether the Frida library is loaded in the process.

This detection method starts by checking which dylibs are currently loaded, by calling functions such as _dyld_image_count() and _dyld_get_image_name(). This method makes it extremely difficult to patch dynamically because the patches themselves are part of the dylibs.

Fig.3 Frida Detection Example 1
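The loaded-library check described above, as an added example (not code from the original post or from AppCAMO). Only _dyld_image_count() and _dyld_get_image_name() come from the post; the marker string "frida", the function names and the sample image paths are assumptions made for illustration, and on non-Apple platforms the scan runs over the constructed sample list.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#ifdef __APPLE__
#include <mach-o/dyld.h>   /* _dyld_image_count(), _dyld_get_image_name() */
#endif

/* Assumed marker: substring found in the file names of Frida's injected
 * libraries (for example FridaGadget.dylib, frida-agent.dylib). */
static const char *const MARKERS[] = { "frida" };
#define MARKER_COUNT (sizeof(MARKERS) / sizeof(MARKERS[0]))

/* Case-insensitive substring search; returns 1 if needle occurs in haystack. */
static int contains_nocase(const char *haystack, const char *needle)
{
    if (haystack == NULL || needle == NULL || *needle == '\0')
        return 0;
    for (const char *h = haystack; *h != '\0'; h++) {
        const char *a = h, *b = needle;
        while (*a != '\0' && *b != '\0' &&
               tolower((unsigned char)*a) == tolower((unsigned char)*b)) {
            a++;
            b++;
        }
        if (*b == '\0')
            return 1;
    }
    return 0;
}

/* Returns the last path component, so that a directory such as
 * /Users/frida/... does not trigger a false positive. */
static const char *basename_of(const char *path)
{
    const char *base = path;
    for (const char *p = path; *p != '\0'; p++)
        if (*p == '/')
            base = p + 1;
    return base;
}

/* 1 if the image's file name contains one of the markers, else 0. */
int image_name_is_suspicious(const char *path)
{
    if (path == NULL)
        return 0;
    const char *base = basename_of(path);
    for (size_t i = 0; i < MARKER_COUNT; i++)
        if (contains_nocase(base, MARKERS[i]))
            return 1;
    return 0;
}

/* Counts suspicious entries in a list of image paths and reports the first. */
size_t count_suspicious(const char *const *names, size_t n,
                        const char **first_hit)
{
    size_t hits = 0;
    if (first_hit != NULL)
        *first_hit = NULL;
    for (size_t i = 0; i < n; i++) {
        if (image_name_is_suspicious(names[i])) {
            if (hits == 0 && first_hit != NULL)
                *first_hit = names[i];
            hits++;
        }
    }
    return hits;
}

/* Constructed sample of image paths, used when not building for Apple. */
static const char *const SAMPLE_IMAGES[] = {
    "/usr/lib/libSystem.B.dylib",
    "/System/Library/Frameworks/UIKit.framework/UIKit",
    "/private/var/containers/Bundle/Application/EXAMPLE/Demo.app/Frameworks/FridaGadget.dylib",
    "/usr/lib/frida/frida-agent.dylib",
    "/Users/frida/build/libharmless.dylib"
};
#define SAMPLE_COUNT (sizeof(SAMPLE_IMAGES) / sizeof(SAMPLE_IMAGES[0]))

/* Scans the images loaded in this process (Apple) or the sample list. */
size_t scan_loaded_images(void)
{
#ifdef __APPLE__
    size_t hits = 0;
    uint32_t count = _dyld_image_count();
    for (uint32_t i = 0; i < count; i++) {
        /* Returns NULL if the index is out of range (image list changed). */
        const char *name = _dyld_get_image_name(i);
        if (image_name_is_suspicious(name))
            hits++;
    }
    return hits;
#else
    return count_suspicious(SAMPLE_IMAGES, SAMPLE_COUNT, NULL);
#endif
}

int main(void)
{
    printf("sample entries: %zu, suspicious images: %zu\n",
           (size_t)SAMPLE_COUNT, scan_loaded_images());
    return 0;
}
```

This covers only the library-name signal: a library loaded under a different name will not match, which is why the post stresses combining several detection methods.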












Check if the process has been tampered with

This detection method detects Frida by checking code integrity.

Fig.4 Frida Detection Example 2














The above Frida detection methods are already known technologies. AppCAMO-iOS' Frida detection combines and integrates several technologies to ensure that Frida detection cannot be easily bypassed. The more diverse and complex the Frida detection methods are, the more difficult it is to bypass them. AppCAMO-iOS provides highly advanced Frida detection.

 

App security solution AppCAMO provides Multi-Layered Protection that strongly blocks app hacking, and has world-class app security technology by providing app hacking detection even during runtime. We are expanding our sales not only domestically but also to overseas markets such as Southeast Asia and the United States.

 

If you are interested or have any questions about this solution, please contact us below at any time.

Mail: appcamo@appcamo.com

Phone: +82-2-6951-3296

www.appcamo.com





Wednesday, February 14, 2024

AppCAMO provides iOS apps with Hestia Tweak Detection

 

 

App shielding solution AppCAMO-iOS strongly protects iOS apps from threats that may occur when running iOS apps, by not only providing RASP(Runtime Application Self-Protection) such as jailbreak detection, debugger detection, and emulator detection, but also providing additional RASP that detects Hestia Tweak & Shadow Tweak which bypass jailbreak detection, and the hacking tool Frida.

 

Currently, other iOS app security solutions provide RASP technologies such as jailbreak detection, debugger detection, and emulator detection. However, apps can still be vulnerable to threats from powerful hacking tweaks such as Hestia Tweak.


Fig.1 Hestia Tweak that bypasses jailbreak detection

Hestia is a hacking tweak that bypasses jailbreak detection by modifying or deceiving files, permissions, and processes that change during the jailbreak process, and supports iOS 11 to iOS 14.


Fig.2 Settings for Hestia Tweak

AppCAMO-iOS can block powerful hacking tweaks like Hestia, preventing serious consequences such as damaged brand image and revenue loss for customers due to app duplication, personal information leakage, and intellectual property infringement.

Fig.3 AppCAMO-iOS app security features









Saturday, February 10, 2024

App Security Solution AppCAMO, Compatible with ProGuard and R8 compiler


Today we announce that AppCAMO, an app obfuscation solution, offers compatibility with ProGuard and R8, which optimize code and reduce app size. In the meantime, Google has recommended basic obfuscation and app optimization functions through ProGuard. Starting with Android Gradle plugin 3.4.0 and higher, ProGuard can no longer be used and it is recommended that you build your project using the R8 compiler.

Therefore, we have made it possible to apply AppCAMO not only to mobile apps that use ProGuard but also to mobile apps that use R8 compiler, allowing them to use app minification, optimization, and obfuscation.


Shrink, obfuscate, and optimize your app

To make the app as small as possible, you can remove unused code and resources with R8's shrinking, and with its obfuscation you can replace class names, method names, and field names with short names such as a, b, c, etc. Together with optimization, which reduces the size further, this makes the app as small as possible.

If you build your project using the Android Gradle plugin 3.4.0 or later, the plugin no longer uses ProGuard to optimize your code, but instead handles the following compilation tasks with the R8 compiler:

Code shrinking (or Tree Shaking): detects and safely removes unused classes, fields, methods, attributes, etc. from your app and its libraries. For example, if you use only a few APIs of a library dependency, code shrinking can identify library code that your app doesn't use and remove only that code from your app.

Resource shrinking: removes unused resources from your packaged app, including unused resources from libraries. Resource shrinking can be used in conjunction with code shrinking to remove unused code and similarly safely remove resources that are no longer referenced.

Obfuscation: reduces the DEX file size by changing class names, method names, field names, etc. to letters such as a, b, c, etc.

Optimization: inspects and rewrites your code to further reduce the size of your app DEX file. For example, if R8 detects that the else {} branch of a given if/else statement is never used, R8 will discard the else {} branch code.

When building the release version of your app, R8 can be configured to perform the compile-time tasks described above for you. You can also disable certain tasks or customize R8's behavior through ProGuard rules files. In fact, R8 works with all of your existing ProGuard rules files, so updating the Android Gradle plugin to use R8 should not require you to change your existing rules.


Enable R8

If you use Android Studio 3.4 or Android Gradle plugin 3.4.0 or higher, R8 is the default compiler that converts your project's Java bytecode to DEX format that runs on the Android platform. However, when you create a new project using Android Studio, R8's code/library shrinking, obfuscation, and optimization features are not enabled by default. Therefore, it is best to turn on these R8 features when building the final version of your app before deployment.


To use R8 features, include the settings below in your build.gradle file.

Fig.1 Groovy


Fig. 2 Kotlin


To summarize, it is as follows.

If minifyEnabled is true, unused code is removed, and optimization and obfuscation functions are performed.

If shrinkResources is true, unused libraries are removed.

proguardFiles sets rules to exclude class names, method names, field names, etc. from obfuscation.

For more details, please refer to the URL below.

https://developer.android.com/studio/build/shrink-code


AppCAMO, an app obfuscation and anti-tampering solution, was developed to be compatible with these R8 features, so you can still use R8's unused code/library shrinking, optimization, and obfuscation features. 

By using AppCAMO's diverse and powerful app security technologies(Code Hardening & RASP) together with R8's useful features, you can not only optimize code and reduce app size, but also enable strong app security.


"App security solution AppCAMO provides multi-layered protection technology that strongly blocks app hacking, and has world-class app security technology by providing app hacking detection and prevention technology even at runtime. We are expanding our sales not only in Korea, but also in overseas markets such as Southeast Asia and the United States."







Tuesday, July 5, 2022

App Security Solution AppCAMO protects AAB files

 "App shielding solution AppCAMO protects Android native apps such as Java and Kotlin, and Cross-Platform apps(hybrid apps) such as Cordova, Ionic, React Native, and Cordova extensions against reverse engineering and tampering."


Since August 2021, Google's app policy requires new Android apps distributed on Google Play to be uploaded in the new app file format, AAB, rather than the existing app file format, APK.

Fig. 1 Android App security - APK file architecture


APK file size continues to increase

Currently, APK files have a single architecture called "FAT Binary", supporting multiple devices with different CPUs(ARM, ARM64, x86, etc).

The APK file size is inevitably increased over time due to the addition of high-definition resources for supporting new devices or high-resolution hardware, and the addition of language sets for multi-language support.


Fig. 2 Android App Shielding - AAB file architecture

Recommend AAB file format to solve APK file size issue

In 2018, Google analyzed the correlation between APK size and installation rate and announced that for every 6MB increase in APK size, the percentage of users installing apps dropped by 1%.

Google recommended the AAB file format to solve this APK file size issue.

If the developer builds the app as an AAB file and distributes it to Google Play, the APK file optimized for the user's device can be downloaded, reducing the app size, download time, disk allocation size, and installation time.


Fig. 3 AAB file architecture and contents


Base APK: Essentials to run an app

Configuration APK: CPU, screen density, and language classification

Dynamic Feature APK: Focus on features used by a small number of users or infrequently used add-ons

Asset Pack APK: Focus on features that require a lot of graphics, such as games

BUNDLE-METADATA: Metadata that includes useful information related to Google Play, including ProGuard mapping information and full DEX file list information.

Module protocol buffer (*.pb) file: Metadata that helps to describe the contents of each app module on Google Play, and provides information necessary to generate an APK optimized for the device.

 

App Security Solution AppCAMO protects AAB file

AppCAMO’s AAB protection technology provides more than 20 security technologies that comply with OWASP (Open Web Application Security Project), the same as AppCAMO’s APK protection technology. It consists of static analysis prevention (Code Hardening) technology and dynamic analysis prevention (RASP: Runtime Application Self Protection) technology.

Static analysis prevention(Code Hardening) protects AAB files from hacking.

decompile prevention,

repackaging prevention,

class name obfuscation,

method name obfuscation,

field name obfuscation,

code encryption,

string encryption,

resource encryption,

hybrid app Encryption(JavaScript encryption, WebView encryption);

custom hybrid app encryption(custom webview encryption);

debug information removal,

Logcat log removal, and more.

 

Dynamic analysis prevention(RASP) blocks hacking attempts while an app is running.

tampering detection,

debugger detection,

root detection,

emulator detection(Virtual Machine detection);

root hide detection(Magisk/Magisk Hide detection);

Hacking tool detection(Frida detection),

API hooking prevention,

memory hack prevention,

screen capture prevention,

clipboard copy protection,

Usage time control, and more.


AppCAMO provides the same app protection technology for AAB file as well as APK file of Android app.


"App security solution AppCAMO provides multi-layered protection technology that strongly blocks app hacking, and has world-class app security technology by providing app hacking detection and prevention technology even at runtime. We are expanding our sales not only in Korea, but also in overseas markets such as Southeast Asia and the United States."





Saturday, July 2, 2022

AppCAMO blocks threats such as root detection bypass and hooking caused by Frida or Magisk/Magisk Hide/Magisk Delta


"App obfuscation solution AppCAMO-Android provides additional RASP technologies such as Magisk detection, Frida detection, API hooking prevention, and memory hacking prevention as well as basic RASP technologies such as rooting detection, tampering detection, debugger detection, and emulator detection. Through these various RASP technologies, AppCAMO-Android strongly protects apps from hacking threats that may occur when running apps."


Currently, most app shielding solutions provide basic RASP(Runtime Application Self-Protection) technologies such as root detection, tampering detection, debugger detection, and emulator detection. However, powerful hacking apps/tools such as Magisk/Magisk Hide and Frida that can disable these technologies may make apps vulnerable to hacking threats.

Magisk is a hacking app that disables the rooting detection technology by modifying or deceiving the files, permissions, and processes that are changed in the process of rooting so that they cannot be detected.



Frida is a Dynamic Binary Instrumentation framework that can monitor and modify the behavior of a running app, so it can decrypt the source code of an encrypted app, and is a hacking tool that can bypass rooting detection, etc.

Fig.1 Example of app hacking using Frida to bypass rooting detection


AppCAMO provides additional powerful RASP technologies as follows.


Magisk/Magisk Hide detection (blocks bypassing root detection)

Magisk/Magisk Hide is a hacking app that disables the rooting detection by modifying or deceiving the files, permissions, and processes that are changed in the process of rooting so that they cannot be detected. Magisk detection is a self-defense mechanism that detects Magisk/Magisk Hide apps and prevents them from being hacked by shutting down on their own.


Frida detection(Hacking tool detection)

Frida is a tool used to test or fix problems by controlling apps running on various operating systems (Android, iOS, Windows, etc.), and is often used for hacking. With Frida, hackers can write scripts to change the behavior of an app to their liking. Frida detection is a self-defense mechanism that detects the execution of the Frida tool in the way recommended by OWASP and causes the app to terminate itself.


API Hooking Prevention

API hooking refers to intercepting a function that the app calls during its operation, so that a function defined by the hacker is executed when the function is called, the result value is changed, or the call parameters are recorded. Using API hooking by Frida, hackers can make certain features of the app malfunction. API Hooking Prevention is a self-defense mechanism that prevents hacking by shutting the app down when API hooking is detected in the app or in an environment where API hooking is possible.


Memory hacking prevention

Memory hacking refers to reading a value that an app stores in memory while it is running, extracting information from the app or changing the value to cause the app to malfunction. Using memory hacking by Frida, hackers can control the score and stats of the game app, or steal information exchanged with the server. Memory hacking prevention technology is a self-defense mechanism that detects an environment where memory hacking is possible in an app and shuts itself down to prevent hacking.


"App shielding solution AppCAMO provides Multi-Layered Protection Technology that strongly blocks app hacking, and has world-class app security technology by providing app hacking detection and prevention technology even at runtime. We are expanding our sales not only in Korea, but also in overseas markets such as Southeast Asia and the United States."










Thursday, June 23, 2022

App shielding solution AppCAMO secures Hybrid(Cross-Platform) app







"App obfuscation solution AppCAMO protects Android native apps such as Java and Kotlin, iOS native apps such as Objective-C and Swift, and Cross-Platform apps(hybrid apps) such as Cordova, Ionic, React Native, and Cordova extensions against reverse engineering and tampering."

When developing mobile apps, Java and Kotlin are typical for Android, and Objective-C and Swift are common for iOS. However, to develop apps in these languages, developers need to understand both the languages and the OS platforms. This requires more developers and, of course, also increases the cost of operation and maintenance.

Fig.1 Cross-Platform React Native







To solve this problem, cross-platform frameworks such as Cordova, Ionic, React Native, and Cordova extensions have emerged. These are open source frameworks that use JavaScript, so Android and iOS apps can be developed simultaneously with a single programming language.

Fig. 2 Cross-Platform Cordova and Ionic

In the case of hybrid apps based on these frameworks and custom frameworks, important operation logic of the apps is written in JavaScript, which is in the resource area, so it is not subject to name obfuscation or code encryption. So, in this case, we encrypt them with AppCAMO's hybrid app encryption technology to ensure that no code or data is exposed. This hybrid app security technology is highly secure and powerful, but difficult to implement, so other app security vendors mainly provide JavaScript obfuscation or JavaScript string encryption.

AppCAMO provides strong protection by encrypting the entire JavaScript, which is an important core logic of hybrid apps developed with Cordova, Cordova Extension, Ionic, React Native frameworks, and their custom frameworks. In addition, the native code of hybrid apps is also secured with AppCAMO’s static analysis prevention(Code Hardening) and dynamic analysis prevention(RASP : Runtime App Self-Protection).

AppCAMO's static analysis prevention protects APK or AAB files from hacking.

decompile prevention,

repackaging prevention,

class name obfuscation,

method name obfuscation,

field name obfuscation,

code encryption,

string encryption,

resource encryption,

hybrid app encryption,

custom hybrid app encryption,

debug information removal,

Logcat log removal and more.

 

AppCAMO's dynamic analysis prevention blocks hacking attempts while apps are running.

tamper detection,

debugger detection,

root detection,

emulator detection,

root hide detection(Magisk/Magisk Hide detection)

Hacking tool detection(Frida detection),

API hooking prevention,

memory hacking prevention,

screen capture prevention,

clipboard copy prevention,

app usage time control, and more.

JavaScript frameworks such as React Native, Cordova, and Ionic simplify app development, but because they are not compiled to native code, they often suffer from poor app performance. However, Flutter is increasingly being chosen by developers because it allows them to build high-performance apps with fewer resources than native apps.

Fig. 3 Cross-Platform Flutter

AppCAMO will also provide security support for these Flutter frameworks. We would like to end this post today with a promise to give you good news soon.

"App security solution AppCAMO provides multi-layered protection technology that strongly blocks app hacking, and has world-class app security technology by providing app hacking detection and prevention technology even at runtime. We are expanding our sales not only in Korea, but also in overseas markets such as Southeast Asia and the United States."









Wednesday, June 1, 2022

AppCAMO, App Security Consulting Case in Southeast Asia

"Mobile apps are very vulnerable to hacking because the source code of the app is easily exposed by a decompilation tool (reverse engineering tool). When hackers try to hack mobile apps by static analysis and dynamic analysis, AppCAMO thoroughly blocks the hacking with its static analysis prevention technology (code hardening) and dynamic analysis prevention technology (RASP: Runtime Application Self Protection), and so protects mobile apps safely. AppCAMO-Android provides more than 20 static analysis prevention technologies and dynamic analysis prevention technologies that comply with OWASP, and AppCAMO-iOS provides more than 14 static analysis prevention technologies and dynamic analysis prevention technologies."


Mobile app shielding solution AppCAMO has proven its stability and security by being used in thousands of apps and 35 million smartphones every year through strategic R&D partnerships with large companies in Korea from 2014 to now. In addition to mobile carriers, customers continue to expand to fintech companies, financial companies, government agencies, large SI companies, physical security companies, railway companies, telecommunication service companies, software development companies, app development companies, government organizations, and local governments. In addition, we have been promoting overseas business and producing results in Southeast Asia since 2019.

Fig. 1 Mobile App Shielding Solution AppCAMO 4-Layered Protection Technology

Today, we would like to tell you a security story about a service app in Southeast Asia that is similar to KakaoTalk in Korea. In Southeast Asia, apps are frequently hacked, so many cloned apps are used. In the case of the F* app in one Southeast Asian country, there are many duplicate apps, so internet phone traffic is high, but ARPU (average monthly subscriber revenue) is continuously falling. A major wireline operator that was providing internet phone service with this app requested app security consulting from AppCAMO, Inc., and AppCAMO, Inc. provided the following consulting.


Fig. 2 Android App Security Solution AppCAMO-Android Security Technologies


In the case of an attack using an already exposed SIP server address or an attack using the API integration method, server security is required first, so securing only the app may not be effective in the attack. Therefore, we first identified how the hacker was attacking, and then took security measures in a way that suits the attack.

If AppCAMO technology is applied to the F* app, it prevents exposure of the server address, the method of interworking with the server, and the algorithm, and prevents the damage of using a tampered app for free. However, it was emphasized that complete security cannot be achieved unless the servers are changed together.

First, we identified the types of hacker attack. Here are the types of attacks: 

The first is that the existing F* app was not secure, so a tampered F* app was distributed to users, and abnormal traffic was generated through this app. 

Second, the hacker decompiles the existing F* app and creates a third app using the interworking method such as the server address or the format of data exchanged with the server, resulting in abnormal traffic. 

Third, when you normally log in to the server using the existing F* app, the SIP server address received from the server was disclosed, and free traffic occurred through other SIP apps.

These types of attack have been identified and the following actions have been taken.

- Change the API server address that works with the F* app

   The new version of the F* app has configured a new API server to communicate with, and the address and port used also need to be changed. If possible, we recommend using a different address and port for the SIP server.

- Launch a new F* app that communicates with a new API server

   At this time, AppCAMO Code Hardening technology such as code encryption, string encryption, decompile prevention, and repackaging prevention, and AppCAMO RASP technology such as tampering detection, debugger detection, rooting detection, emulator detection, Frida detection, and Magisk/Magisk Hide detection must be applied.

- When communicating with the server in the new F* app, it is recommended to use HTTPS protocol and apply SSL pinning technology.

- Stop using the existing API server and F* app for a certain period of time.


Fig. 3 iOS App Security Solution AppCAMO-iOS Security Technologies


In summary, by releasing a new server and a shielded new app, the server and information exposed through the existing F* app without security technology were invalidated. Through the new app to which AppCAMO, the mobile app obfuscation solution, was applied, it was possible to block the exposure of the method of interworking with the server and the exposure of the API address, and to prevent tampering of the app.

Monitoring for 3 months with the new server and the new AppCAMO-shielded app showed that free traffic was blocked and ARPU recovered. Through the successful application of AppCAMO, we were able to increase customer satisfaction.


"AppCAMO-Android provides 4 Layered Protection Technology that fundamentally blocks app hacking, and has world-class app security technology by providing app hacking detection and prevention technology even at runtime. We are expanding our sales not only in Korea, but also in overseas markets such as Southeast Asia and the United States." 












Monday, May 30, 2022

AppCAMO launches iOS app security solution AppCAMO-iOS

"Mobile apps are very vulnerable to hacking because the source code of the app is easily exposed by a decompilation tool (reverse engineering tool). When hackers attempt hacking using static analysis and dynamic analysis, AppCAMO-iOS protects iOS apps safely by thoroughly blocking the hacking through its static analysis prevention (Code Hardening) and dynamic analysis prevention (RASP: Runtime App Self-Protection) technology."


Fig. 1 iOS App Shielding Solution AppCAMO-iOS Security technologies


iOS app Vulnerabilities 

iOS is known to be secure as Apple fully owns its security controls, but it turns out that iOS has more security vulnerabilities than Android. And iOS jailbreak cases by hacking continue to increase. So, the assumption that iOS apps run in a secure environment can be risky.

iOS security problems mostly occur on jailbroken iOS devices, and it is possible to access system files inside iOS and control them remotely.

iOS apps are less secure than Android apps, and 40% of vulnerabilities found are fatal or severe, higher than Android's 36% (Checkmarx & AppSec Labs).

A study of the top 100 paid iOS apps in the Apple App Store found that 87% of them were hacked, 75% of the popular free iOS apps were hacked, and the percentage of popular iOS apps hacked has continued to rise over the past three years (ARXAN).

Fig. 2 Why you need iOS app security ? 

Attack cases such as tampering iOS apps and infecting them with malware were discovered, and it was confirmed that the game Pokemon Go, which recorded 500 million downloads worldwide, also has an iOS cracked version in circulation.

AppCAMO protects iOS apps from hacking and reverse engineering through Code Hardening and Runtime App Self-Protection (RASP) mechanisms. Since most app security solutions are SDK-based, learning time and coding are required to apply security technology to the app, but AppCAMO is web GUI-based, so you can easily apply app security technology with simple clicks.


The most powerful mobile application protector against hacking

AppCAMO-iOS is one of the most powerful app shielding solutions that block hacking by applying various app security technologies hierarchically from hacking threats caused by reverse engineering and tampering.

AppCAMO-iOS is easy and convenient to use because you can select and apply security options with just clicks of the app security technologies on the web browser after uploading the Xcarchive file.

Fig. 3 iOS app security solution AppCAMO-iOS architecture


14 powerful app security technologies

AppCAMO-iOS provides 14 security technologies and is divided into static analysis prevention(Code Hardening) technology and dynamic analysis prevention(RASP: Runtime Application Self Protection) technology.

The static analysis prevention technology of AppCAMO-iOS protects the xcarchive file from hacking, which includes 

Name Obfuscation : It makes it difficult for hackers to analyze the source code by changing the source code. There are various technologies for obfuscation, and AppCAMO-iOS uses name obfuscation technology. Name obfuscation technology includes 

class name obfuscation, 

method name obfuscation, 

field name obfuscation, 

property name obfuscation, 

category method name obfuscation, 

category property name obfuscation, 

protocol name obfuscation, 

protocol method name obfuscation, 

and protocol property name obfuscation. 

 

These technologies prevent hackers from getting any information from identifiers by changing identifiers such as classes, methods, fields, properties, categories, category properties, protocols, protocol methods, and protocol properties to arbitrary values that have no meaning in the source code. 

Usually, app developers give meaning to all of these identifiers to facilitate analysis and development of source code. For example, it is common to give the login screen a class name like "LoginActivity". This approach is good for analyzing and maintaining source code, but conversely, it makes it easy for hackers to analyze the source for malicious purposes. So, in the name obfuscation provided by AppCAMO-iOS, the "LoginActivity" class name is changed to "a1234sfjkasf" so that a hacker cannot tell that it is LoginActivity. The purpose is to make hackers give up or to delay them, because analyzing the source code takes more time.

 

Name obfuscation changes the name of an identifier to a meaningless value. If identifiers used by a parsing module such as JSON that communicates with a server/DB, or identifiers used in dynamic class/method calls, are renamed by obfuscation, errors may occur when running the iOS app. In this case, the user must enter them directly as a filter in the “obfuscation exclusion filter” so that name obfuscation is not applied to them. Name obfuscation cannot be applied to apps that use reflection as described above.

String Encryption : It finds hard-coded strings such as server addresses, API keys, user accounts, and tokens in the source code of the app, and encrypts them. It decrypts them only when the app is run in a secure environment. If a sensitive value such as a server address, an API key, a user account, or a token is exposed to a hacker, not only can the server be attacked, but other secondary damage may occur. Therefore, this security technology option is recommended for all apps by default.

Debug Information Removal : It removes the relevant area in the IPA so that method parameter names, local variable names, and line numbers of the original source code are not exposed when an app is decompiled, which makes source analysis more difficult.

The dynamic analysis prevention technology of AppCAMO-iOS detects and blocks hacking attempts while the app is running, which includes 

Jailbreak Detection : It detects whether a device is jailbroken or not when running an app and prevents the app from running, if it is the jailbroken device. 

 

Debugger Detection : It prevents the app from running if an app is being debugged.  

 

Simulator Detection(Virtual Machine Detection) : It prevents the app from running if the app is run in a simulator.


Fig. 4 iOS app shielding solution AppCAMO-iOS security technologies


Multiple Apps Management Technology

AppCAMO-iOS makes it easier to manage app security technologies by providing management technologies such as user management, project management, task management, bulletin boards and statistics that are not available in other app security solutions. You can manage all history of various app security technologies, from the beginning to the latest.

 

No SDK, No Coding, The Only One that can provide GUI based Solution for easy to use

Unlike other solutions that require learning time and coding using SDK or plug-in, AppCAMO does not require learning time and coding to apply security technologies. AppCAMO is based on a web GUI that allows users to intuitively select and apply various app security technologies with just clicks.

Fig. 5 iOS App Security Solution AppCAMO-iOS Web Screen Layout


Corporate Standard Mobile Application Security Platform

In 2020, we built the iOS app security standard platform for SKtelecom. AppCAMO-iOS is applied to more than 50 apps of SKtelecom each year. This platform creates strategic R&D infrastructure with SKtelecom security team which guarantees systematic customer feedback, new requirements, stability, and credibility for AppCAMO-iOS.

Fig. 6 iOS App Security Standard Platform for a Mobile Carrier


System Specifications

The required specifications of H/W and S/W for the system structure and operation of the solution are as follows.


Fig. 6 iOS App Shielding Solution AppCAMO-iOS System Specifications

AppCAMO-iOS Prerequisites

- Xcode Latest Version

- Bitcode enabled Archive Build


"AppCAMO-iOS provides multi-layered protection technology that fundamentally blocks app hacking, and has world-class app security technology by providing app hacking detection and prevention technology even at runtime. We are expanding our sales not only in Korea but also in overseas markets such as Southeast Asia."








