Mobile security reinforcement helps apps achieve comprehensive and effective security protection
2020-11-09 14:29:43 【Mobile development platform mpaas of ant group】
Whether it is an Android app or a Jar application, once the code is distributed it exists in some form in an untrusted environment, and it is hard to keep people who intend to analyze and crack it from doing so. Secrets hidden in the code, whether private algorithms, private protocols, or encryption and decryption keys, can be recovered by attackers, who then infringe on the original author's commercial interests or intellectual property rights. Reverse engineering is therefore one of the sources of business risk.
#1: Analysis of the current state of mobile application security
According to the Ministry of Industry and Information Technology, at the end of 2019 the number of mobile applications in China had reached 450 m, with games, life services, and e-commerce apps in the top three.
Narrowing the market down, consider the financial industry. According to the Information and Communication Institute, an observation of 22777 domestic financial industry apps in 2019 found that only 17.08% of them had completed reinforcement. More than 80% of financial industry apps are "streaking" in the app markets, with no security reinforcement applied. Viewing the market as a whole through the financial industry, other industries have similar problems.
Now consider regulatory policy:
For the financial industry: the People's Bank of China issued the security management specification for mobile financial client application software, which clearly sets out the security reinforcement requirements for mobile apps.
For the education industry: the Ministry of Education issued the "Opinions on guiding and standardizing the orderly and healthy development of educational mobile Internet applications" and the "Special governance action plan for mobile Internet application in management and service education of colleges and universities", which explicitly state that education apps should pass a security assessment before going online and should promptly fix hidden risks through security reinforcement.
Given the regulatory requirements in the finance and education industries and the country's increasing attention to the mobile Internet, other industries may also introduce relevant security policy requirements one after another.
#2: New mobile application security protection strategy
The following describes how Alibaba's internal mobile security protection strategy has been upgraded and iterated.
The first- and second-generation reinforcement schemes mainly protected the APK: they hide the dex and encrypt it, then dynamically load the encrypted dex at run time and perform the unpacking (shell removal) operation. The advantage of shell-based reinforcement is that it does not increase application size, and because the dex is hidden, it resists static analysis of the dex.
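An added example (not from the original article or from mPaaS): a Python check that a release pipeline could run to confirm that a shipped APK no longer exposes its code in a readable `classes.dex`, which is what the shell scheme above is meant to achieve. The entropy threshold, size cut-off, file names and the two sample APKs are assumptions constructed for illustration, not the layout of any real reinforcement product.

```python
import io, math, os, zipfile

DEX_MAGIC = b"dex\n"      # every valid dex file starts with these bytes
ENTROPY_LIMIT = 7.5       # bits per byte; assumed cut-off for "looks encrypted"
MIN_BLOB = 4096           # assumed minimum size worth reporting
MEDIA = (".png", ".jpg", ".jpeg", ".webp", ".gif", ".mp3", ".mp4", ".ogg")

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def shell_indicators(apk_bytes: bytes) -> dict:
    """Report signs that an APK keeps its real dex hidden behind a loader stub."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        entries = {name: apk.read(name) for name in apk.namelist()}
    dex = {n: d for n, d in entries.items()
           if n.startswith("classes") and n.endswith(".dex")}
    # Payload candidates: large non-media entries with a near-random byte mix.
    blobs = {n: len(d) for n, d in entries.items()
             if n not in dex and not n.lower().endswith(MEDIA)
             and len(d) >= MIN_BLOB and entropy(d) > ENTROPY_LIMIT}
    dex_size = sum(len(d) for d in dex.values())
    return {
        # A classes*.dex without the magic has been encrypted in place.
        "bad_dex_magic": sorted(n for n, d in dex.items()
                                if not d.startswith(DEX_MAGIC)),
        "opaque_blobs": sorted(blobs),
        # A stub dex smaller than the opaque payload suggests a shell.
        "likely_shelled": bool(blobs) and dex_size < max(blobs.values()),
    }

def build_sample(shelled: bool) -> bytes:
    """Constructed sample APKs (not real apps) for exercising the check."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        if shelled:  # small loader stub plus a random "encrypted" payload
            z.writestr("classes.dex", DEX_MAGIC + b"035\0" + b"\0" * 512)
            z.writestr("assets/payload.bin", os.urandom(65536))
        else:        # all code sits in a readable classes.dex
            z.writestr("classes.dex", DEX_MAGIC + b"035\0" + b"const/4 v0 " * 8192)
    return buf.getvalue()

if __name__ == "__main__":
    for shelled in (False, True):
        print(shelled, shell_indicators(build_sample(shelled)))
```

Treat the result as triage evidence only: already-compressed assets with extensions outside the `MEDIA` list also score high entropy, so a flagged APK still needs a manual look.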
As attack techniques continue to escalate, Alibaba mobile security reinforcement has added new capabilities. It has now reached the third generation of reinforcement: converting Java bytecode to native binary code.
Alibaba's internal reinforcement principles and goals are not only to fully improve its own security capabilities and raise the difficulty and cost of an attack, but also to keep the integration cost for the business side as low as possible while taking efficiency and package size into account.
The main risk points to address:
- Java/Smali bytecode is decompiled by tools into Java source code
- Java/Smali bytecode is read directly
- Native assembly code is decompiled by tools into C source code
Because of its format and instruction restrictions, Java bytecode has an upper limit on how well it can be protected. Native binary code, however, is much harder to crack than Java bytecode. So we convert the bytecode to native binary code: the code logic moves into the so, and what used to be a Java function call is now a JNI call. The attacker's Java reversing skills no longer apply directly, and the attacker is forced to reverse the native binary, which is much more difficult than reversing bytecode.
#3: mPaaS mobile security reinforcement officially launched
Building on the upgrade of Alibaba's internal mobile application security reinforcement capability, we have officially launched the mobile application security reinforcement capability on mPaaS, in China and abroad.
In response to tampering, piracy, phishing scams, memory debugging, data theft and other security risks that are widespread among mobile applications on the market, mPaaS mobile security reinforcement provides apps with stable, simple, and effective security protection, raises the app's overall security level, and ensures that the app is not cracked or attacked.
While responding to common Android attack techniques such as decompilation, repackaging, and dynamic debugging, we also focus on performance and compatibility.
- In terms of security, the reinforcement capability has been through the practice of businesses at the hundreds-of-millions scale such as Taobao and Cainiao;
- On compatibility, we support versions from 4.2 to Android Q;
- It supports the arm, x86, and x64 architectures, runs stably in complex environments, and has a low crash rate;
- In addition, obfuscation protection for classes increases the difficulty of reversing the app for an attacker and makes the attack impossible.
The core value of the product
After the introduction above, you should have a preliminary understanding of mPaaS mobile application reinforcement. Here is a summary of the advantages of mPaaS mobile application security reinforcement.
- It is easy to operate: upload the package to be reinforced on the console and it works out of the box. Developers, project managers, and others can all use it;
- High stability and compatibility, with an extremely low crash rate;
- In terms of security, it has been validated by Taobao and other Alibaba apps;
- It supports Android 4.2 to Android Q as well as the arm, x86, and x64 architectures;
- In addition, it supports obfuscation protection at the Java bytecode level, which increases the attacker's cost of reversing the app and maximizes protection of the app's security.
List of mobile security reinforcement capabilities
Across security dimensions such as decompilation protection, tamper protection, and debugging protection, we have defined corresponding security policies for dex files, so files, and the various hook frameworks. The list of capabilities is as follows:
In addition, mPaaS mobile security reinforcement is fully compatible with the mPaaS hot-fix capability. Hot fixes can quickly repair problems in the online version without publishing a new release, ensuring business continuity. You can try the hot-fix capability in the mPaaS console.
Simple integration, Double 11 special offer
Mobile application security reinforcement is easy to integrate: just 8 steps and it is done. As Double 11 arrives, mPaaS mobile security reinforcement will be officially launched on Alibaba Cloud. You are welcome to try it.
Follow the official account "mPaaS" and reply "Safety reinforcement" to get the complete PPT content.
This article was created by [Mobile development platform mpaas of ant group]. Please include a link to the original when reposting. Thanks.