Tuesday, July 5, 2022

App Security Solution AppCAMO protects AAB files

"App shielding solution AppCAMO protects Android native apps such as Java and Kotlin, and Cross-Platform apps (hybrid apps) such as Cordova, Ionic, React Native, and Cordova extensions against reverse engineering and tampering."


Since August 2021, Google's app policy has required new Android apps distributed through Google Play to be uploaded in the new app file format, AAB, rather than the existing app file format, APK.

Fig. 1 Android App security - APK file architecture


APK file size continues to increase

Currently, an APK file is a single "FAT Binary" that supports multiple devices with different CPUs (ARM, ARM64, x86, etc.).

The APK file size inevitably increases over time as high-definition resources are added to support new devices or high-resolution hardware, and as language sets are added for multi-language support.


Fig. 2 Android App Shielding - AAB file architecture

AAB file format recommended to solve the APK file size issue

In 2018, Google analyzed the correlation between APK size and installation rate and announced that for every 6MB increase in APK size, the percentage of users installing apps dropped by 1%.

Google recommended the AAB file format to solve this APK file size issue.

If the developer builds the app as an AAB file and distributes it to Google Play, an APK file optimized for the user's device is downloaded, reducing the app size, download time, disk allocation size, and installation time.


Fig. 3 AAB file architecture and contents


Base APK: Essentials to run an app

Configuration APK: CPU, screen density, and language classification

Dynamic Feature APK: Features used by a small number of users, or infrequently used add-ons

Asset Pack APK: Focus on features that require a lot of graphics, such as games

BUNDLE-METADATA: Metadata that includes useful information related to Google Play, including ProGuard mapping information and full DEX file list information.

Module protocol buffer (*.pb) file: Metadata that helps to describe the contents of each app module on Google Play, and provides information necessary to generate an APK optimized for the device.
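To see these parts in an actual bundle, the sketch below (an added example, not AppCAMO's or Google's code) treats the AAB as the ZIP archive it is and groups its entries into modules, per-module `*.pb` files, CPU-specific native library folders, and BUNDLE-METADATA. The entry names are constructed for illustration and assume the usual bundle layout; `summarize_bundle` and `ships_obfuscation_map` are hypothetical helper names. The second helper matters for name obfuscation because a ProGuard mapping file translates obfuscated names back to the originals.

```python
import io
import zipfile

SAMPLE_ENTRIES = [  # constructed names following the usual bundle layout
    "BundleConfig.pb",
    "base/manifest/AndroidManifest.xml",
    "base/dex/classes.dex",
    "base/dex/classes2.dex",
    "base/lib/arm64-v8a/libnative.so",
    "base/lib/x86_64/libnative.so",
    "base/resources.pb",
    "camera_feature/dex/classes.dex",
    "BUNDLE-METADATA/com.android.tools.build.obfuscation/proguard.map",
]

def build_sample_aab():
    """Write the constructed entries (as empty files) into an in-memory ZIP."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in SAMPLE_ENTRIES:
            zf.writestr(name, b"")
    return buf

def summarize_bundle(aab):
    """Group AAB (ZIP) entries into modules, root *.pb files and metadata."""
    summary = {"modules": {}, "root_pb": [], "metadata": []}
    with zipfile.ZipFile(aab) as zf:
        for name in zf.namelist():
            parts = name.split("/")
            if name.endswith("/") or parts[0] == "META-INF":
                continue  # directory entries and signature files
            if len(parts) == 1:
                if name.endswith(".pb"):
                    summary["root_pb"].append(name)
            elif parts[0] == "BUNDLE-METADATA":
                summary["metadata"].append("/".join(parts[1:]))
            else:
                mod = summary["modules"].setdefault(
                    parts[0], {"abis": set(), "dex": 0, "pb": []})
                if parts[1] == "lib" and len(parts) == 4:
                    mod["abis"].add(parts[2])  # one folder per CPU type
                elif parts[1] == "dex" and name.endswith(".dex"):
                    mod["dex"] += 1
                elif len(parts) == 2 and name.endswith(".pb"):
                    mod["pb"].append(parts[1])
    return summary

def ships_obfuscation_map(summary):
    """True if a ProGuard mapping file travels in BUNDLE-METADATA."""
    return any(p.endswith("proguard.map") for p in summary["metadata"])
```

Running `summarize_bundle` on a bundle before and after a protection step is a quick way to confirm that no module, CPU folder, or metadata file was dropped or added unexpectedly.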

 

App Security Solution AppCAMO protects AAB files

AppCAMO’s AAB protection technology provides more than 20 security technologies that comply with OWASP (Open Web Application Security Project), the same as AppCAMO’s APK protection technology. It consists of static analysis prevention (Code Hardening) technology and dynamic analysis prevention (RASP: Runtime Application Self-Protection) technology.

Static analysis prevention (Code Hardening) protects AAB files from hacking.

decompile prevention,

repackaging prevention,

class name obfuscation,

method name obfuscation,

field name obfuscation,

code encryption,

string encryption,

resource encryption,

hybrid app encryption (JavaScript encryption, WebView encryption),

custom hybrid app encryption (custom WebView encryption),

debug information removal,

Logcat log removal, and more.

 

Dynamic analysis prevention (RASP) blocks hacking attempts while an app is running.

tampering detection,

debugger detection,

root detection,

emulator detection (virtual machine detection),

root hide detection (Magisk/Magisk Hide detection),

hacking tool detection (Frida detection),

API hooking prevention,

memory hack prevention,

screen capture prevention,

clipboard copy protection,

usage time control, and more.


AppCAMO provides the same app protection technology for AAB files as for APK files of Android apps.


"App security solution AppCAMO provides multi-layered protection technology that strongly blocks app hacking, and has world-class app security technology by providing app hacking detection and prevention technology even at runtime. We are expanding our sales not only in Korea, but also in overseas markets such as Southeast Asia and the United States."


If you are interested in this solution or have any questions, please feel free to contact us below.

Email : appcamo@appcamo.com

www.appcamo.com



Saturday, July 2, 2022

AppCAMO blocks threats such as root detection bypass and hooking caused by Frida or Magisk/Magisk Hide/Magisk Delta


"App obfuscation solution AppCAMO-Android provides additional RASP technologies such as Magisk detection, Frida detection, API hooking prevention, and memory hacking prevention as well as basic RASP technologies such as rooting detection, tampering detection, debugger detection, and emulator detection. Through these various RASP technologies, AppCAMO-Android strongly protects apps from hacking threats that may occur when running apps."


Currently, most app shielding solutions provide basic RASP (Runtime Application Self-Protection) technologies such as root detection, tampering detection, debugger detection, and emulator detection. However, powerful hacking apps/tools such as Magisk/Magisk Hide and Frida that can disable these technologies may make apps vulnerable to hacking threats.

Magisk is a hacking app that disables the rooting detection technology by modifying or deceiving the files, permissions, and processes that are changed in the process of rooting so that they cannot be detected.



Frida is a Dynamic Binary Instrumentation framework that can monitor and modify the behavior of a running app. As a hacking tool, it can be used to decrypt the source code of an encrypted app and to bypass rooting detection, among other things.

Fig.1 Example of app hacking using Frida to bypass rooting detection


AppCAMO provides additional powerful RASP technologies as follows.


Magisk/Magisk Hide detection (blocks bypassing root detection)

Magisk/Magisk Hide is a hacking app that disables rooting detection by modifying or deceiving the files, permissions, and processes that are changed in the process of rooting so that they cannot be detected. Magisk detection is a self-defense mechanism that detects Magisk/Magisk Hide and prevents hacking by having the app shut itself down.


Frida detection (Hacking tool detection)

Frida is a tool used to test or fix problems by controlling apps running on various operating systems (Android, iOS, Windows, etc.), and is often used for hacking. With Frida, hackers can write scripts to change the behavior of an app to their liking. Frida detection is a self-defense mechanism that detects the execution of the Frida tool in the way recommended by OWASP and causes the app to terminate itself.
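One artifact check of the kind OWASP's mobile testing guidance describes is to look for the instrumentation tool's libraries among the process's own memory mappings. The sketch below is an added example, not AppCAMO's implementation: it runs that logic in Python over a constructed `/proc/self/maps` excerpt so it can be tried offline, whereas on a device the same check would live in the app's native code. The marker list, sample lines, and function names are assumptions.

```python
# Substrings that appear in mapped file names when Frida's agent or gadget
# library is loaded (assumed marker list for this example).
MARKERS = ("frida-agent", "frida-gadget")

# Constructed excerpt; columns are: address perms offset dev inode [path]
SAMPLE_MAPS = """\
7a10000000-7a10200000 r-xp 00000000 fd:00 1234 /system/lib64/libc.so
7a20000000-7a20400000 r-xp 00000000 fd:00 5678 /data/app/com.example.app/lib/arm64/libnative.so
7a30000000-7a31000000 r-xp 00000000 fd:00 9012 /data/local/tmp/re.frida.server/frida-agent-64.so
7a40000000-7a40010000 rw-p 00000000 00:00 0
7a50000000-7a50100000 r-xp 00000000 fd:00 3456 /data/app/com.example.app/lib/arm64/libfrida-gadget.so
"""


def parse_maps(text):
    """Yield one dict per mapping; anonymous mappings get an empty path."""
    for line in text.splitlines():
        fields = line.split(None, 5)
        if len(fields) < 5:
            continue  # not a mapping line
        start, end = (int(x, 16) for x in fields[0].split("-"))
        path = fields[5].strip() if len(fields) == 6 else ""
        yield {"start": start, "end": end, "perms": fields[1], "path": path}


def find_instrumentation(text, markers=MARKERS):
    """Return (path, marker, is_executable) for each suspicious mapping."""
    hits = []
    for mapping in parse_maps(text):
        name = mapping["path"].lower()
        matched = [m for m in markers if m in name]
        if matched:
            hits.append((mapping["path"], matched[0], "x" in mapping["perms"]))
    return hits


def should_terminate(text):
    """Self-defense decision described above: stop the app on any hit."""
    return bool(find_instrumentation(text))
```

A path-name match is a single signal, so it belongs alongside the other runtime checks listed on this page rather than in place of them.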


API Hooking Prevention

API hooking refers to intercepting a function that the app calls during its operation and, when that function is called, executing a function defined by the hacker, changing the result value, or recording the call parameters. Using API hooking with Frida, hackers can make certain features of the app malfunction. API Hooking Prevention is a self-defense mechanism that prevents hacking by having the app shut itself down when API hooking is detected in the app or when the app runs in an environment where API hooking is possible.


Memory hacking prevention

Memory hacking refers to reading a value that an app stores in memory while it is running, in order to extract information from the app or to change the value so that the app malfunctions. Using Frida for memory hacking, hackers can control the score and stats of a game app, or steal information exchanged with the server. Memory hacking prevention technology is a self-defense mechanism that detects an environment where memory hacking is possible and has the app shut itself down to prevent hacking.


"App shielding solution AppCAMO provides Multi-Layered Protection Technology that strongly blocks app hacking, and has world-class app security technology by providing app hacking detection and prevention technology even at runtime. We are expanding our sales not only in Korea, but also in overseas markets such as Southeast Asia and the United States."


If you are interested in this solution or have any questions, please feel free to contact us below.

Mail : appcamo@appcamo.com

Tel : +82-2-6951-3296

Home Page : www.appcamo.com








AppCAMO provides Frida Detection for iOS App, which detects API hooking and memory hacking

  App shielding solution AppCAMO-iOS strongly protects iOS apps from threats that may occur when running iOS apps, by not only providing RAS...