When Licel began in 2011, protecting a mobile app mostly meant protecting its code. Fifteen years of watching the threat landscape widen has taught us that the app was only ever one wall of a much larger room - what we call the mobile channel - and that room keeps growing.
The work we committed to in 2011, and have recommitted to every year since, is to keep that whole room trustworthy as the attacks against it grow more subtle.
This month, we look back on how fifteen years of a changing threat landscape reshaped our strategic outlook. We show how DexProtector Studio helps you see more of the room growing around you, and how DexProtector is evolving alongside the latest Android and iOS releases.
And in a new Knowledge Hub guide, we explain why real protection has to cover what actually ships - the final container - whether you’re obfuscating an Android or iOS app.
What's new with Licel's solutions?
See More of the Room: DexProtector Studio Now Pinpoints the Code Paths That Most Need Protecting
Studio is the offline, on-premises companion to DexProtector. It lets developers and security engineers see inside an app or SDK, surface the sensitive material, and configure protection, all without anything leaving their environment.
Its built-in AppCare analysis already flags vulnerable dependencies, secrets, and sensitive assets. With the latest update, Studio now also maps an app's use of sensitive platform APIs, showing how security-critical functionality is implemented, and what most needs protecting.
The result is a smarter, faster path to mobile channel security: less manual guesswork, more targeted protection, and a DexProtector configuration focused on the areas that matter most.
Keeping Pace With Android 17 and iOS 27
This month we released DexProtector 16.1.85 and 16.1.87, tested and working cleanly with both Android 17 and iOS 27, alongside a set of security, compatibility, and reliability improvements across both platforms.
They strengthen runtime protection, extend network communication hardening and code protection on iOS, improve Android compatibility with modern packaging requirements including 16 KB alignment, and add new Alice reporting capabilities.
To maintain the strongest available level of protection, we recommend regularly updating applications in production with the latest version of DexProtector: at least once per month, and more frequently where possible. When there’s more than one month between your application releases, it’s particularly important to update the DexProtector version used for each new build.
We also recommend enforcing a minimum supported application version at the backend. DexProtector's Mobile API Protection capability enables you to restrict access from outdated app versions, helping to prevent rollback-based attacks and keeping organizations and end users on the latest protection and platform enhancements.
15 Years of Watching the Same Room
Keeping protection current as platforms shift is something we’ve done for fifteen years now. And doing it for that long quietly changed how we think about what we’re protecting in the first place.
When we started our journey in 2011, securing a mobile app mostly meant securing its code. With each passing year, we’ve seen the attack surface widen, from dynamic instrumentation tools manipulating apps at runtime to AI-enhanced tools enabling attackers to pass eKYC checks. Eventually we were forced to say out loud what we’d been seeing: the app itself was only ever one wall of a room that kept getting larger.
In our anniversary piece, we reflect on how fifteen years of a changing threat landscape reshaped our thinking, and why we now talk about protecting the whole mobile channel.
Android and iOS App Obfuscation: The Importance of Protecting the Final Container
The wall might not be the full room, but protecting that wall is still as vital as ever. Perhaps even more so, because everything else now leans on it. A crucial part of protecting it is app obfuscation, and for fifteen years DexProtector has been built around a core principle: you can’t protect the integrity of what you can’t see.
That principle is why DexProtector protects the final container; the finished, ready-to-ship APK, AAB, IPA, or XCArchive, rather than source or intermediate code that later build steps can still disturb. It's the only version of your app you can be certain matches what reaches your users.
In this Knowledge Hub guide, we explain how that plays out across both platforms, including the AAB splits that break naive Android protection, and the decrypted iOS binaries that circulate within hours of release. We also cover why running protection on-premises rather than in the cloud matters, and share the questions worth asking yourself when evaluating any Android or iOS obfuscator.
Fifteen years in, and the work is the same as it was at the start: keep the room trustworthy, so the person living in it doesn't have to.
Thanks for reading this edition of the Licel Layers Bulletin. We'll be back next month with more product improvement updates and threat intelligence insights.
