How soft apps protect themselves, talk about app defenses, use 360 hardening helper reinforcement/signature/multi-channel packaging/Application Market release

How soft apps protect themselves, talk about app defenses, use 360 hardening helper reinforcement/signature/multi-channel packaging/Application Market release

Because Java and Android platform type, so the app is easy to decompile, which for our developers, is an unwanted result, for the user, is a sad news, and security, has been our focus, today, we come to talk about this security, and play with APK reinforcement!

I. Why we need to improve the security of the app

Mobile phone is not left side, the app is the most important link, we are basic necessities, mostly rely on the app to complete, so, the security of the app is a big challenge, no matter what part of you out of the question, will make your private information, vegetable farms security threatened, not to mention, In case you have a family bucket, then you must not cry to death!

Two. Ways to improve app security

What are the general procedures we have for security?

• 1. Pack (Android has returned to Google Dad for a few years)
• 2. Confusion (high feasibility, but a bit more pits, some SDK does not support confusion)
• 3. Reinforcement (more platform, choose cautiously)
• 4. Special treatment (the company does not pass the secret)

Generally on these processes, packaging directly on the shelves, this point, is obviously a stem ah, a little anti-compilation will be able to put your code to see a 7788, confusion is a good point, but a little bit troublesome, but also a good means. Reinforcement, very easy to fix, for most of the developers said, is quite a good means, but, others can also directly solve the master (good want to learn ...) , so, as a developer, our daily habits must be kept good ah, take me, our company has its own system, the app is self-developed, but every time I debug can see a lot of the app's log, then I will tell the engineer responsible for this piece, the attention to these details, so, Our code awareness also has several types of '

• 1. Always consider the implementation of functions in various situations
• 2. Strict control of permissions, do not want to implement a function to add a lot of redundant permissions
• 3. Clear your log information, it is recommended to use the packed log class
• 4. Use up-to-date development tools and APIs, not to mention, who knows
• 5. When using the third-party SDK, think about all aspects of him, check the authority and master its updated trend
• 6. Look at the news, maybe you can reap a lot of safety awareness

Of course, we not only write code habits to note that when we write code should also pay more attention to some problems, of course, only for large enterprise apps and financial apps

• 1. Avoid processing sensitive data at the Java layer
• 2. In-app self-efficacy
• 3. Confusing the Code
• 4. Using Security components
• 5.APK Reinforcement

Take the input password, the processing of the password, all kinds of encryption, a variety of secret uploads, but there will be omissions, such as the previous period of time someone has been a material Sogou input method to the user entered the information uploaded to their own server, also use the plaintext, the amount ... This ..., the friendship of the boat so did not say on the turn, of course, here is not just for Sogou, the other few good where to go, at this time, we can also customize the keyboard and so on, do not need a lot of features, in fact, it is no big difficulty to achieve

Of course, the compiled application, the data are encoded, and further modification is a bit difficult, we will talk about the reinforcement of the technology on the compiled apk and then put on a layer of umbrella

Three. Reinforcing means

What is reinforcement ( based on 360 reinforcement )?

• Hardening is a way to improve the security of the APK, His principle is to use a Classes.dex file to do loader, the original bytecode Classes.dex file load and start, that is, before the original bytecode file execution add an additional logic to increase the security policy, the bootstrap reference to normal operation

We all know, we use Apktools to anti-compile time, get the source code file is Classes.dex, and reinforcement is the original classes.dex do camouflage to protect, we look at the picture

I stole the picture, Haha, this is a reinforcement mode, some of our apk files can be seen here

What is the difference between the pre-and post-reinforced file structures? We're still scoring two points.

• Differences in file structure
  

  The file structure has changed a little, we look directly at the diagram to speak

This picture oneself draw, not steal ah, haha!

• The different code

The different code, mainly reflected in the

• Androidmanifest.xml

In the manifest file, a new permission is added to the

<uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>

• and force the name of application to be specified as

android:name="com.qihoo.util.StubApplication"

• Finally, a registered activity is added to the information

android:name="com.qihoo.util.appupdate.AppUpdateActivity"

By the way, the package name has also changed, in the launch of the app is a number of logical processing, we said so much, in fact, there is no luan use, we still know the actual combat, here to use 360来 Demo

Four. 360 Reinforcement Helper

Yo, go to the chase.

• Official website: http://jiagu.360.cn/

1.360 Reinforcement Assistant's introduction

Well, this, or copy the online bar, since the use of other people's things is it, also not good black home, the official website is said, strengthen the mobile application to provide professional security protection, to prevent the application is reverse analysis, anti-compilation, two packaging, to prevent the embedding of various viruses, advertising and other malicious code, from the source to protect data security and In order to meet the needs of the vast number of developers, strengthening the newspaper team launched the web-side reinforcement Bao after the PC-side 360 reinforcement assistant, to send only to open 360 reinforcement assistant software, one-click Upload apk, you can automatically complete the application of reinforcement, multi-channel packaging, signature work

2.360 Features of reinforcement assistants

• 1. One-click Upload automatic reinforcement and signature

No need to download signature tool, easy to automate signature, eliminate the hassle of duplicate signature

• 2. Multi-channel packaging is easier and faster

No limit on the number of channel packages, memory of your channel information, no need to repeat configuration channel information

• 3. Download and save automatically

After the application of reinforcement, automatically saved under the specified folder, no need to manually download

3.360 The function of the reinforcing assistant

• 1. Local reinforcement

Complete docking with the Ruggedized Web service, making hardening easier

• 2. View the progress of the hardening task

View the details of a hardening task locally

• 3. Configuration information

Configure signatures locally, apply marketing channels, enhance services

• 4. Auxiliary Tools

Create signature, Signature apk

• 5. One click Release

Post the hardened application with one click to the big application market

How to feel the same for the 360 reinforcement advertising ah .....

Okay, we're going straight to the website.

Then you can click on the use immediately, he will also prompt you to download the assistant, here is a link to a button directly

• 360 Reinforcement Assistant Download: Http://jiagu.360.cn/qcmshtml/details.html#helper

We directly download the Windows version, there are some supporting files and a manual, there is an installation program, here to note that we need to login yo

Of course, the function on the main interface we talked about it, and that's all we can say.

Okay, we're going to use a reinforced

Four. Reinforcement

To strengthen, we prepared an APK in advance, then we signed, get his signature file, the password is 123456789, OK, we click the Hardening application, import our APK

We temporarily do not configure, you will see the reinforcement

He will prompt the output of the directory, that is, after the reinforcement of the application

And when we click on the task details, we can see some information about this reinforcement.

Now you, we can go to configure information to configure our information, here are three tabs, the first is to configure your current app needs configuration information, you put the signature file, and then fill in the password can be

The second is mostly more interested in multi-channel packaging, we are actually very simple, select the statistical platform, select the market, fill in the number can be, very convenient

The final hardening option is to specify the output path.

The next option is the accessibility tool, nothing to say, signature and make signature

Finally, we can publish the app by clicking on a button.

is very convenient, get to new skills yo!

Okay, that's the end of the chapter.

My group: 555974449, interested can come in for a chat!

How soft apps protect themselves, talk about app defenses, use 360 hardening helper reinforcement/signature/multi-channel packaging/Application Market release