How apps protect themselves: app defenses and using the 360 Reinforcement Assistant for reinforcement, signing, multi-channel packaging, and app market release
Because of the nature of Java and the Android platform, apps are easy to decompile. For developers that is an unwanted result, and for users it is bad news. Security has always been our focus, so today we talk about it and try out APK reinforcement!
One. Why we need to improve the security of the app
Our phones never leave our side, and apps are the most important link: most of our basic daily needs are handled through apps. That makes app security a big challenge. A problem in any one part can put your private information and property at risk, and if you have a whole "family bucket" of apps installed, you will cry yourself to death!
Two. Ways to improve app security
What steps do we generally take for security?
- 1. Packaging (Android has returned to Google Dad for a few years)
- 2. Obfuscation (quite feasible, but with a few more pitfalls; some SDKs do not support obfuscation)
- 3. Reinforcement (there are many platforms, choose carefully)
- 4. Special treatment (company secret, not disclosed)
These are generally the steps. Packaging and publishing directly is obviously a joke: a little decompiling will reveal most of your code. Obfuscation is better; it is a bit troublesome, but still a good measure. Reinforcement is very easy to apply and, for most developers, quite a good measure, although experts can still crack it directly (I would love to learn how ...). So as developers we must keep good daily habits. Take me: our company has its own system and the app is developed in-house, but every time I debug I can see a lot of the app's logs, so I tell the engineer responsible for that part to pay attention to these details. Our coding awareness therefore covers several points:
- 1. Always consider how a function behaves in various situations
- 2. Strictly control permissions; do not add a lot of redundant permissions just to implement one function
- 3. Clear your log output; using a wrapped log class is recommended
- 4. Use up-to-date development tools and APIs (needless to say, everyone knows this)
- 5. When using a third-party SDK, consider all aspects of it, check its permissions, and keep track of its updates
- 6. Follow the news; you may pick up a lot of security awareness
Of course, coding habits are not the only thing to watch. When writing code we should also pay attention to the following points, though these are only for large enterprise apps and financial apps:
- 1. Avoid processing sensitive data at the Java layer
- 2. In-app self-verification
- 3. Obfuscate the code
- 4. Use security components
- 5. APK reinforcement
Take password input: the password is processed, encrypted in various ways, and uploaded securely, but there can still be omissions. For example, some time ago someone revealed that Sogou Input Method uploaded the information users entered to its own server, and in plaintext. Um ... well ..., the boat of friendship capsizes just like that. Of course, this is not aimed only at Sogou; the others are not much better. In such cases we can also implement a custom keyboard; it does not need many features and is actually not very hard to do.
Of course, in a compiled application the data is encoded and further modification is somewhat difficult. Next we talk about reinforcement, which puts another protective umbrella over the compiled APK.
Three. Means of reinforcement
What is reinforcement (based on 360 reinforcement)?
- Hardening (reinforcement) is a way to improve the security of an APK. Its principle is to use a classes.dex file as a loader that loads and starts the original bytecode classes.dex file. In other words, extra logic is added before the original bytecode file executes in order to add security policies, and the app is then bootstrapped into normal operation.
As we all know, when we decompile with Apktool, the file that holds the code is classes.dex. Reinforcement disguises the original classes.dex to protect it. Let's look at the picture.
I stole this picture, haha. This is one reinforcement mode; some of the files in our APK can be seen here.
What is the difference between the file structures before and after reinforcement? We again look at it in two points.
- Differences in file structure
The file structure has changed a little; let's look directly at the diagram.
I drew this picture myself, it is not stolen, haha!
- Differences in code, mainly reflected in the following:
- In the manifest file, a new permission is added:
<uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
- The name of the application is forced to be:
android:name="com.qihoo.util.StubApplication"
- Finally, a registered activity is added:
android:name="com.qihoo.util.appupdate.AppUpdateActivity"
By the way, the package name has also changed, and some logic is processed when the app launches. We have said a lot, but talk alone is of little use; we learn best through practice, so here we use 360 for the demo.
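The manifest differences listed above can be checked mechanically. The following Python script is an added example, not part of the original post or of 360's tooling: it compares two decoded AndroidManifest.xml texts (the text form a decompiler such as Apktool produces) and reports the added permission, the replaced application name, and the added activity. The two sample manifests and the com.example.* names are constructed for illustration; the com.qihoo.* names are the ones given in the post.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
STUB_APP = "com.qihoo.util.StubApplication"  # application name given in the post

# Constructed sample manifests; com.example.* names are placeholders.
BEFORE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:name="com.example.demo.App">
    <activity android:name="com.example.demo.MainActivity"/>
  </application>
</manifest>"""

AFTER = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <application android:name="com.qihoo.util.StubApplication">
    <activity android:name="com.example.demo.MainActivity"/>
    <activity android:name="com.qihoo.util.appupdate.AppUpdateActivity"/>
  </application>
</manifest>"""


def summarize(manifest_xml):
    """Extract the permission set, application class and activity set."""
    root = ET.fromstring(manifest_xml)
    app = root.find("application")
    return {
        "permissions": {p.get(ANDROID + "name") for p in root.iter("uses-permission")},
        "application": app.get(ANDROID + "name") if app is not None else None,
        "activities": {a.get(ANDROID + "name") for a in root.iter("activity")},
    }


def diff_manifests(before_xml, after_xml):
    """Report what the second manifest adds or changes relative to the first."""
    b, a = summarize(before_xml), summarize(after_xml)
    return {
        "added_permissions": sorted(a["permissions"] - b["permissions"]),
        "application": (b["application"], a["application"]),
        "application_replaced_by_stub": a["application"] == STUB_APP != b["application"],
        "added_activities": sorted(a["activities"] - b["activities"]),
    }


if __name__ == "__main__":
    for key, value in diff_manifests(BEFORE, AFTER).items():
        print(f"{key}: {value}")
```

Running the same comparison on the manifests of your own build before and after reinforcement shows exactly which permissions and components the reinforcement step introduced, which is worth reviewing before release.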
Four. 360 Reinforcement Assistant
Now, on to the main topic.
- Official website: http://jiagu.360.cn/
1. Introduction to 360 Reinforcement Assistant
Well, for this I will just copy from online; since we are using someone else's product, it would not be right to bad-mouth them. The official website says that Reinforcement Bao provides professional security protection for mobile applications: it prevents reverse analysis, decompilation, and repackaging of the application, prevents the embedding of viruses, advertisements and other malicious code, and protects data security from the source and ... To meet the needs of the vast number of developers, the Reinforcement Bao team launched the PC-side 360 Reinforcement Assistant after the web-side Reinforcement Bao. You only need to open the 360 Reinforcement Assistant software and upload the APK with one click, and reinforcement, multi-channel packaging, and signing are completed automatically.
2. Features of 360 Reinforcement Assistant
- 1. One-click upload with automatic reinforcement and signing
No need to download a signing tool; signing is automated easily, eliminating the hassle of re-signing
- 2. Multi-channel packaging is easier and faster
No limit on the number of channel packages; your channel information is remembered, so there is no need to configure it again
- 3. Download and save automatically
After reinforcement, the application is automatically saved to the specified folder; no manual download is needed
3. Functions of 360 Reinforcement Assistant
Fully integrated with the reinforcement web service, making hardening easier
- 2. View the progress of the hardening task
View the details of a hardening task locally
- 3. Configuration information
Configure signatures, app market channels, and reinforcement services locally
Create a signature and sign the APK
Publish the hardened application to the major app markets with one click
Why does this feel like I am advertising for 360 reinforcement? .....
Okay, let's go straight to the website.
Then you can click "Use now"; it will also prompt you to download the assistant. Here is a direct link:
- 360 Reinforcement Assistant Download: http://jiagu.360.cn/qcmshtml/details.html#helper
We directly download the Windows version; it contains some supporting files, a manual, and an installer. Note that you need to log in.
Of course, we have already covered the functions on the main interface, so there is nothing more to say about them.
Okay, let's reinforce an app.
Five. Reinforcement
To reinforce, we prepared an APK in advance and signed it, so we have its signature file; the password is 123456789. OK, we click "Hardening application" and import our APK.
We do not configure anything for now, and you will see the reinforcement run.
It will prompt for the output directory, that is, where the application is placed after reinforcement.
And when we click on the task details, we can see some information about this reinforcement.
Now we can go to the configuration page to set things up. There are three tabs. The first holds the configuration your current app needs: add the signature file and then fill in the password.
The second is the one most people are interested in, multi-channel packaging. It is actually very simple: select the statistics platform, select the market, and fill in the number. Very convenient.
The last one, the hardening options, is where you specify the output path.
The next option is the auxiliary tools; there is nothing much to say: signing and creating signatures.
Finally, we can publish the app by clicking on a button.
Very convenient. New skill acquired!
Okay, that's the end of the chapter.
My group: 555974449. If you are interested, come in for a chat!