Dynamic mobile app security for Android and iOS.


DexProtector DexProtector

Powerful app and SDK security, whatever platform you’re using.

The integrity of your app or SDK is under constant threat. DexProtector's robust security mechanisms keep your application safe from tampering, reverse engineering, and malware designed to target it. Encryption, obfuscation, and virtualization harden your app, RASP checks detect threats in its environment, and communication hardening prevents network attacks.

Supports applications and libraries for Android Android Wear, Android TV, and Android Things from version 4.4 to 15.x.
Supports applications and libraries for iOS and Apple Watch from versions 11.0 to 17.x.

DexProtector works just as effectively for hybrid apps as it does for native applications.

*also supports Ionic, Kendo UI, NativeScript PhoneGap and more.

DexProtector is designed to make developers’ lives easier.

illustration of different platforms intergating

Save time with instant integration

Seamlessly integrate DexProtector into your development lifecycle. Whether you use DexProtector Studio, integrate into the CI/CD process via the Gradle plugin or the command line, it’s as easy as “unprotected app in, protected app out.”

illustration of different platforms intergating

Protect on premises and avoid online risks

Bypass unnecessary risks associated with cloud-based security solutions. DexProtector operates offline in a safe environment that you control.

illustration of different platforms intergating

Secure your app without slowing it down

DexProtector’s multi-layered protection doesn’t compromise performance. Your app retains its speed and responsiveness, giving you robust security without a lag.


An app protection pioneer packed with features to secure your digital assets.

Obfuscation, Encryption, and Virtualization

DexProtector works directly with compiled apps at both bytecode and native levels to harden strings, classes, and metadata, as well as app resources, assets, and internal data. A combination of obfuscation, encryption, and virtualization mechanisms stops reverse engineering, modification, and IP theft.

Anti-Tampering and Integrity Control

DexProtector applies sophisticated encryption-based integrity controls involving unique context-sensitive keys calculated dynamically at the point of protection. These controls, in combination with runtime code checks, certificate checks, and file content checks, prevent attackers from modifying and exploiting protected applications.

RASP (Runtime Application Self-Protection) and Device Attestation

The DexProtector Runtime Engine is the first component of DexProtected apps to be initialized on launch. It scans the device for threats and enables the app to protect itself against them. The comprehensive range of device attestation mechanisms including anti-debug, anti-emulator, anti-root and Jailbreak checks help to prevent reverse engineering and tampering.

Anti-Malware and App Blacklisting 

DexProtector’s Runtime Engine detects and reports known malware infecting end users’ devices. This protects your app and its users from malicious interference. You can also configure DexProtector to detect and blacklist specific packages.

UI Protection

DexProtector enables you to block screen capture and prevent keylogging. It also offers protection against overlay attacks, activity hijacking, Remote Access Tools (RATs), and Virtual Network Computing (VNC) exploits.

Public Key Pinning and Certificate Transparency

DexProtector enables protected apps to perform secure, client-side validation of public key certificates at the native level. This ensures the confidentiality and integrity of network communications and helps to stop man-in-the-middle attacks.

API Protection

With the DexProtector Runtime Engine managing network communications client-side, your app’s backend servers can check whether requests are coming from legitimate, unmodified, DexProtected applications, running on secure devices.

CryptoModule: White Box Cryptography Add-On

The DexProtector CryptoModule operates as a software alternative to a hardware-backed Trusted Execution Environment or Secure Enclave. Its applet automatically takes control of your app’s cryptographic processes, protecting user keys and sensitive data through white box cryptography and device binding.

Threat Intelligence and Fraud Monitoring

Alice receives and analyzes security-related data from DexProtected applications and libraries, offering a dashboard for data visualization, event correlation, and suspicious activity analysis. It also comes with add-ons available for API access, SIEM integration, and custom data reporting.


DexProtector was the first software protection tool approved by EMVCo for both Android and iOS. It continues to be evaluated regularly to make sure it stands up to the latest threats.

  • EMVCo SBMP Compliant
  • FIPS140-2 Compliant
  • PCI MPoC Compliant
  • PCI CPoC Compliant
  • PCI SPoC Compliant
  • PSD-2 Compliant
  • NIAP PP_APP_v1.4
  • 3DS SDK Compliant
  • IEC 62443

What's at stake?

  • Mobile app security is more important than ever

    Mobile apps are the lifeblood of modern-day interactions and transactions. Every day, streams of sensitive end user data flow through them, which is why bad actors see applications as such a huge opportunity (and why protecting them is so important.)

  • Without it, user trust and loyalty can erode

    Mobile app security is a shield against the consequences of malicious attacks. It protects you from financial losses and fines. But more importantly, it safeguards the reputation, credibility, and trust you've worked so hard to cultivate with your user base.

DexProtector provides a solid shield against a range of security threats targeting Android and iOS. By doing so it protects both your app and those using it.

  • vulnerabilities
  • IP theft
  • fraud
  • malware injection
  • repackaging
  • runtime tampering
  • sensitive data theft

How it works

Only a combination of DexProtector's four layers of app protection can keep your app or SDK safe.

code and resource harrdening illustration

Code and resource hardening

DexProtector's code and resource hardening (obfuscation, encryption, virtualization, and isolation) is vital. It makes your app's decompiled code almost impossible for an attacker to make any sense of. This first protection step is important in stopping bad actors from static reverse engineering - and decompiling and modifying - your application. It also helps to mitigate dynamic analysis and tampering.

runtime environment icon

Secure runtime environment

Rooted devices, customized firmware, malware, and dynamic instrumentation tools can all make the runtime environment untrustworthy and dangerous. This is a problem for both your app and its end users. DexProtector's Runtime Application Self-Protection (RASP) enables your app to protect itself at runtime. If it detects any of the threats listed above in your application's environment, it can prevent it from starting up.

key with tick illustration

Secure network communications

Almost all apps communicate with the outside world via the network. Financial and healthcare applications dealing with sensitive information are particularly reliant on this channel. Hackers know this and are on the lookout for ways to hijack it - be that via sniffing tools or man-in-the-middle attacks. DexProtector provides Public Key Pinning and Certificate Transparency to block the flow of data to bogus sources.

fingerprint illustration

Application integrity

Application integrity is all about preventing an attacker from tampering with your app's binaries. This is crucial because tampering could result in malicious code injection, repackaging, and cloning. Without integrity control, a bad actor could even remove other protection mechanisms like RASP. If DexProtector detects that any of your app's code has been modified, it will stop it from running without exposing any sensitive information.


There’s too much at stake to leave your app's security to chance. With DexProtector you don’t have to.



A white box cryptography solution that stores keys safely in an isolated environment, CryptoModule is made for apps dealing with sensitive data that rely heavily on cryptography like mobile banking, SoftPOS, and mobile wallet apps. It also helps healthcare apps meet HIPAA and FCA regulations.

learn more
Alice Threat Intelligence

Alice Threat Intelligence

Protecting against attacks is only half the battle. It’s also vital to know how threats are evolving over time. That’s where Alice comes in. A threat intelligence solution, it unveils the risks in your app’s environment and displays data clearly that you can feed into your fraud scoring system to improve it.

learn more

DexProtector 14.1

DexProtector 14.1 is built on top of a completely refreshed core architecture to offer true defense in depth.

learn more

A guide to mobile application protection

Attacks against mobile apps are getting more dangerous. To defend against them you need to know how and why attackers target them and what you can do to stop them succeeding.

read guide