Mobile Security provides one-stop scenario-based security solutions for apps. Based on Tencent's years of technical experience in over 1.2 billion mobile devices, Mobile Security offers various services such as app reinforcement, security assessment and compatibility testing for many industries including finance, Internet, Internet of Vehicles, Internet of Things, ISP and government affairs. With its stable, simple and effective services, mobile security construction is simplified.
Mobile Security provides scenario-based security services to effectively improve the security level of apps in various scenarios including app reinforcement, security assessment, compatibility testing and utilities.
App reinforcement integrates various reinforcement and protection technologies into an APK targeted at different security defects without modifying the Android source code of an app, thereby improving the overall security level of the app and protecting it from being cracked and pirated.
The security capabilities provided by app reinforcement operate stably in complex environments with high compatibility and low crash rate, supporting ARM, AArch64, x86 and x64 architectures and Android versions from 2.0 to P.
Security assessment provides high-quality app security detection services while ensuring the data security during detection. Tencent Cloud's security assessment capabilities include code security risk detection, potential vulnerability scanning, malicious code scanning, system permission detection and sensitive word detection.
Mobile Security serves hundreds of thousands apps operated by Tencent and numerous Chinese companies installed in over 1.2 billion mobile devices, gaining rich experience in stable mobile security operations.
App reinforcement integrates various reinforcement and protection technologies into an APK targeted at different security defects without modifying the Android source code of an app, thereby improving the overall security level of the app through the following features:
· Decompilation prevention for DEX
Based on an app's security requirements, the DEX file can be protected by overall encryption; and the core code can be extracted for encryption in a more targeted manner to provide higher-intensity virtualization (VMP) protection.
· Decompilation prevention for .so Files
High-intensity security protection is offered for core .so files to prevent cracking by reverse tools such as IDA and readelf and exposing core sensitive logic.
· Anti-tampering for apps
Through complete cross-checking of all app files, it is ensured that an app can still work properly even if any file in it is modified or replaced.
· Anti-debugging for apps
Various debugging and analysis tools such as APKTool, dex2jar and JEB are blocked from debugging an app statically or dynamically.
· Local data protection for apps
High-intensity encryption of an app's local database files is offered to effectively protect core local data combined with memory anti-dump and anti-reading technologies.
· Resource file protection for apps
Data encryption is available for protection of an app's local resource files imperceptible to development, including database files, XML configuration files and so on.
Tencent Cloud's security assessment is built for apps based on Tencent's years of accumulation in anti-attack and anti-penetration technologies to comprehensively assess apps while ensuring the security of app assessment data.
· Source code security
Complete security detection is conducted against the possible decompilation and cracking risks with the source code of an app to avoid potential leakage of core business logic caused by leakage of source code.
Once released, an app runs in complex and diverse environments; attackers can use simulation, dynamic injection, dynamic debugging, memory reading and various known and unknown vulnerabilities to attack the app. Therefore, the app's own anti-attack capabilities are crucial and eliminating excessive source code risks and potential vulnerabilities is an important guarantee for app security.
· Data security
Comprehensive security detection is performed in aspects such as the processing and storage of various data by an app and residual violating information, including security assessment of 18 items such as password storage in plaintext, insecure use of encryption methods, database injection vulnerabilities and digital certificates in plaintext.
· Communication security
A comprehensive automated risk detection and vulnerability analysis is conducted around the network communication between app client and server in aspects such as sensitive data transmission, server authentication and certificate verification involved in the communication process.
· Interaction security
Security assessment and analysis is performed in the interface interaction process of an app, where various risks may exist such as screen hijacking, input listening and fragment injection vulnerabilities, helping avoid sensitive information leakage due to malicious behaviors.
· Authentication security
An app requires authentication in many cases, including account, server and app signature authentication and collaborative authentication in various payment and transfer scenarios. In these authentication links, the app is checked for risks such as certificate storage in plaintext and certificate verification vulnerabilities.
· Malicious code scanning
A comprehensive malicious code scan is performed for an app to ensure that the app does not have malicious code in the development, packaging and SDK integration phases and there are no threats such as backdoors and trojans if the app is outsourced for development.
· Custom sensitive word detection
An app can be screened for sensitive words in terms of sensitive information and legal compliance, which helps avoid the risks to the app or even the brand caused by the intentional and unintentional residual information in the app.
Tencent Cloud's compatibility testing based on the core capabilities of Tencent WeTest can be flexibly integrated into the overall Mobile Security solution, providing one-stop compatibility solutions behind Mobile Security. Main functions:
An APK can be submitted in just one click, with a test report returned within one hour on average. During the test, one screenshot is captured per second to provide first-hand data for problem backtracking. Meanwhile, testing data is presented in multiple dimensions, including problem type, severity, frequency of occurrence and influence of people.
Tencent Cloud's security assessment provides comprehensive risk detection during app testing, including code security risk detection, potential vulnerability scanning, malicious code scanning, system permission detection and sensitive word detection, to help identify potential risks in a comprehensive and in-depth manner.
During an app's release phase, app reinforcement can protect app security to prevent the app from being cracked and pirated after released; while taking into account security assurance, the app can be fully tested for compatibility by Tencent Cloud's compatibility testing, ensuring that the app not only is secure but also has excellent stability after released.
If you need the Mobile Security services, please contact us!