Mobile Security

App reinforcement integrates various reinforcement and protection technologies into an APK targeted at different security defects without modifying the Android source code of an app, thereby improving the overall security level of the app through the following features:

· Decompilation prevention for DEX

Based on an app's security requirements, the DEX file can be protected by overall encryption; and the core code can be extracted for encryption in a more targeted manner to provide higher-intensity virtualization (VMP) protection.

· Decompilation prevention for .so Files

High-intensity security protection is offered for core .so files to prevent cracking by reverse tools such as IDA and readelf and exposing core sensitive logic.

· Anti-tampering for apps

Through complete cross-checking of all app files, it is ensured that an app can still work properly even if any file in it is modified or replaced.

· Anti-debugging for apps

Various debugging and analysis tools such as APKTool, dex2jar and JEB are blocked from debugging an app statically or dynamically.

· Local data protection for apps

High-intensity encryption of an app's local database files is offered to effectively protect core local data combined with memory anti-dump and anti-reading technologies.

· Resource file protection for apps

Data encryption is available for protection of an app's local resource files imperceptible to development, including database files, XML configuration files and so on.

Tencent Cloud's security assessment is built for apps based on Tencent's years of accumulation in anti-attack and anti-penetration technologies to comprehensively assess apps while ensuring the security of app assessment data.

· Source code security

Complete security detection is conducted against the possible decompilation and cracking risks with the source code of an app to avoid potential leakage of core business logic caused by leakage of source code.

· Anti-attack

Once released, an app runs in complex and diverse environments; attackers can use simulation, dynamic injection, dynamic debugging, memory reading and various known and unknown vulnerabilities to attack the app. Therefore, the app's own anti-attack capabilities are crucial and eliminating excessive source code risks and potential vulnerabilities is an important guarantee for app security.

· Data security

Comprehensive security detection is performed in aspects such as the processing and storage of various data by an app and residual violating information, including security assessment of 18 items such as password storage in plaintext, insecure use of encryption methods, database injection vulnerabilities and digital certificates in plaintext.

· Communication security

A comprehensive automated risk detection and vulnerability analysis is conducted around the network communication between app client and server in aspects such as sensitive data transmission, server authentication and certificate verification involved in the communication process.

· Interaction security

Security assessment and analysis is performed in the interface interaction process of an app, where various risks may exist such as screen hijacking, input listening and fragment injection vulnerabilities, helping avoid sensitive information leakage due to malicious behaviors.

· Authentication security

An app requires authentication in many cases, including account, server and app signature authentication and collaborative authentication in various payment and transfer scenarios. In these authentication links, the app is checked for risks such as certificate storage in plaintext and certificate verification vulnerabilities.

· Malicious code scanning

A comprehensive malicious code scan is performed for an app to ensure that the app does not have malicious code in the development, packaging and SDK integration phases and there are no threats such as backdoors and trojans if the app is outsourced for development.

· Custom sensitive word detection

An app can be screened for sensitive words in terms of sensitive information and legal compliance, which helps avoid the risks to the app or even the brand caused by the intentional and unintentional residual information in the app.

Tencent Cloud's compatibility testing based on the core capabilities of Tencent WeTest can be flexibly integrated into the overall Mobile Security solution, providing one-stop compatibility solutions behind Mobile Security. Main functions:

An APK can be submitted in just one click, with a test report returned within one hour on average. During the test, one screenshot is captured per second to provide first-hand data for problem backtracking. Meanwhile, testing data is presented in multiple dimensions, including problem type, severity, frequency of occurrence and influence of people.