In this edition of the Layers Bulletin, we share what’s new in the latest version of DexProtector, including enhancements that have helped it to fully support Android 17 Beta 3.
DexProtector’s improved integrity controls and runtime protection mechanisms enable it to tamper-proof the millions of signals that our threat intelligence solution, Alice, shares with our clients every day. SOC teams use these insights about existing and emerging threats to make smart security decisions in a world where it’s increasingly difficult to know what’s real and what isn’t.
This is a challenge for end users of mobile devices, too. Social engineering scams are succeeding largely because they align with how we’re expected to behave in modern systems. In our latest essay, we explore what needs to change when trust itself becomes an attack surface.
What's new with Licel's solutions?
Introducing DexProtector 16.1.31
The latest version of DexProtector comes with full support for Android 17 Beta 3, improved methods for safeguarding eKYC processes, and extended support for payment app compliance.
In last month’s edition of the Layers Bulletin, we announced that we had been preparing for the upcoming launch of Android 17. This month we have continued our work to make sure there is complete synergy between it and DexProtector. And we’re pleased to say that the latest version of DexProtector (16.1.31) is now fully compatible with the platform changes that have been implemented in Android 17 Beta 3.
We’ve also enhanced DexProtector’s device integrity checks to make it even more effective at preventing camera injection attacks during eKYC processes. New detections have been introduced to comply with the latest banking app compliance requirements in Asia, too, such as those referenced in Circular-77-2025-TT-NHNN from the State Bank of Vietnam.
Key enhancements in this version include:
- Support for the Resource Encryption mechanism for Android 17 Beta 3
- New checks for Android system frameworks for tampering/injection
- New detection for Android device settings allowing connections via Android Debug - Bridge (ADB) via USB or WiFi interfaces
- Mechanisms to prevent attacks using remote Android devices for key attestation
- Improved detection of cloud-based Android emulators
Other enhancements we’ve made specifically for the Android Platform are support for Android Gradle Plugin 9, and additional support for integrating protected AARs into apps as individual Dynamic Feature Modules (DFM).
Dynamic Feature Delivery for Google Play is a powerful capability that allows developers to dynamically load additional functionality at runtime. This is particularly important for payment SDKs, which often support multiple payment schemes, while end users typically require only a subset of them for their day-to-day usage.
From a security perspective, this approach introduces additional considerations. One example is that dynamically delivered modules are loaded into the user-space file system, which increases the attack surface and requires enhanced integrity verification and runtime protections to make sure that modules have not been tampered with or replaced.
To enable our customers to safely adopt this architecture, we’ve introduced support for Dynamic Feature Modules for Android SDKs protected with DexProtector. This allows developers to benefit from modular delivery while also maintaining strong application integrity, secure execution, and compliance with payment scheme security requirements.
As always, we’ve also implemented improvements for the iOS Platform. These include additional support for protecting iOS binaries linked with the OSS ld64.lld linker and support for cases where multiple frameworks protected by DexProtector are integrated within a protected app. We’ve also introduced a new check for the Dopamine jailbreak.
Alice Threat Intelligence: How Millions of Trusted Signals Translate into Better Decision-Making
Our clients are able to take - and trust - the signals they receive from Alice, and then use them to make actionable decisions to improve their security posture.
Each day, Alice Threat Intelligence logs around 250 million security events across 192 countries. These relate to threats such as app tampering, debugging attempts, and root or jailbreak activity on both Android and iOS devices. The map below provides a snapshot of how these security incidents were distributed around the world during one 24 hour period this month.
Trusted signals are collected from applications and libraries protected with DexProtector and provide our clients with valuable visibility into both known and emerging attack techniques. This telemetry is essential not only for monitoring active threats, but also for discovering new fraud patterns and continuously strengthening protection mechanisms. As DexProtector protects billions of installed app instances on devices worldwide, it serves as a critical frontline layer in defending users and customers against mobile fraud scenarios, including eKYC abuse and account takeover attacks.
Given the scale and diversity of the Android and iOS ecosystems, it’s crucial to continuously deliver up-to-date detection capabilities to determine whether a device is trustworthy, untampered, and free from malicious applications or hostile runtime conditions. This fact is reflected in DexProtector’s release cycle, where every version introduces new or enhanced jailbreak detections for iOS, root detection for Android, and advanced device integrity checks, as we’ve outlined in the DexProtector update above.
For our customers, Alice’s tamper-proof, trusted signals provide real-time security insights that can be applied during high-risk user flows such as onboarding, login, and eKYC verification. For example, signals from Alice have helped our banking clients to identify compromised environments associated with camera injection attacks, remote device abuse, and other advanced mobile fraud techniques.
If you’d like to make Alice’s signals actionable, then we recommend using the Alice Data Streaming feature, which enables streaming and the correlation of device attestation data with a specific user, session, or Device ID. This allows you to build stronger fraud prevention workflows and support real-time, risk-based decision-making.
Attack trends
When Trust Becomes the Attack Surface
Today, many of the most effective attacks succeed not because people lack awareness, but because they are required to make high-stakes trust decisions inside systems that provide limited context, under conditions shaped by urgency, pressure, and manipulation.
One of the main reasons why Alice’s trusted signals are valued so much by our clients is that the world in which digital decisions are made has changed dramatically in recent years.
People are now being asked to make security-critical choices in environments that are defined by urgency, incomplete information, and increasingly sophisticated deception. The signals that end users rely on to judge legitimacy - interfaces, messages, identities - cannot be trusted. As a result they are becoming easier to replicate and harder to verify.
Trust is essential to how digital systems function, but what happens if the conditions under which that trust is exercised are no longer stable? This question is the seed from which Alice’s trusted signals sprouted; we wanted to provide our clients with trusted signals from an inherently untrustworthy source.
We can’t remove trust, but a shift is required in how systems are designed; away from models that depend on momentary user decisions, and toward models that remain resilient even when those decisions are manipulated.
This is particularly important in the mobile channel, where identity, authentication, and approval increasingly converge on a single device.
When trust itself becomes the attack surface, we need to think differently about how we ensure people can carry out everyday mobile transactions and operations safely.
We explore this theme in our latest essay:
Thanks for reading this edition of the Licel Layers Bulletin. We'll be back next month with more product improvement updates and threat intelligence insights.
