DexProtector Android documentation


iOS documentation
Android menu


Implementations and Integrations

DexProtector Gradle Plugin

The DexProtector Gradle plugin is included in every distribution package, and can be used to protect APKs, AABs, and AARs.

The steps are straightforward for implementing DexProtector into your build:

Set the path to DexProtector in your buildscript.repositories (main build.gradle of your project), for example:

flatDir { dirs '/Users/developer/DexProtector' }

Add the following dependencies:

buildscript {
     dependencies {
         classpath ':dexprotector-gradle-plugin:'
         classpath ':dexprotector:'

And apply the DexProtector Gradle plugin in your build.gradle file, as the line immediately after apply plugin: '' or apply plugin: '':

apply plugin: 'dexprotector'

It is necessary to specify the relevant DexProtector configuration file within the buildType, as follows:

ext.set("dexprotector.configFile", "${projectDir}/dexprotector.xml")

To specify a configuration file for a particular product flavor, the same principle applies:

buildTypes {
release {
productFlavors.flavor1.ext.set(“dexprotector.configFile”, “${projectDir}/dexprotector-flavor1.xml”) }

You can therefore manage your DexProtector configuration files for respective build variants, using flavor dimensions, product flavors, and build types, for example as follows:

flavorDimensions "release", "debug"
productFlavors {
releaseA {
                            dimension "release"
                            applicationIdSuffix ".releaseA"
           releaseB {
                            dimension "release"
                            applicationIdSuffix ".releaseB"
            debugA {
            dimension "debug"
                            applicationId "com.dexprotector.debugA"
            debugB {
            dimension "debug"
                            applicationId "com.dexprotector.debugB"
        buildTypes {
            release {
                productFlavors.releaseA.ext.set("dexprotector.configFile", "${projectDir}/dexprotector-releaseA.xml")
                productFlavors.releaseB.ext.set("dexprotector.configFile", "${projectDir}/dexprotector-releaseB.xml")

DexProtecting Hybrid and Cross-Platform Applications (React Native, Ionic, NativeScript, Cordova, Xamarin, Flutter)

JavaScript and HTML-based Hybrid and Cross-Platform Apps

It is straightforward to DexProtect a hybrid or cross-platform app developed using frameworks such as React Native, Ionic, NativeScript, and Cordova.

For code hardening purposes, it is enough to target the JS and HTML files through Resource Encryption. That means setting a filter such as the following:

    <resourceEncryption mode="all">
        <assets mode="on">

All additional protection mechanisms - further Resource Encryption, RASP Runtime Checks, Public Key Pinning, UI Protection, and Alice integration - can be applied as they would be with a native app.


Every feature of DexProtector Enterprise is available for Xamarin-based Android apps, including:

  • Code hardening and resource hardening through obfuscation and encryption of classes, methods, and strings, to prevent static analysis and reverse engineering
  • Runtime Application Self-Protection (RASP), with constant checks on the operating environment and communications network, to prevent dynamic analysis and Man-in-the-Middle attacks
  • Integrity checks, to prevent code and resource tampering and cloning
  • DexProtector's dedicated CryptoModule, isolating cryptographic data and processing to prevent interception of cryptographic keys and calculations

Xamarin Android applications contain Dalvik bytecode, resources, and native libraries. Within the resources there are Mono Runtime native libraries and Xamarin Assemblies. Xamarin Assemblies consist of Xamarin Runtime and Xamarin Program Code.

DexProtector's fundamental defenses against static analysis work on Dalvik bytecode within Xamarin-developed Android apps, which may contain Android Wrapper Classes (Activity, ContentProvider, Receiver, Service), Xamarin/Mono support classes and third-party library classes. So all of the following apply just as they would for an app developed in Java or Kotlin:

  • String Encryption
  • Class Encryption
  • Hide Access
  • Native code obfuscation (excluding Mono Runtime)
  • Native code encryption
  • Native code anti-debugging
  • Encryption of resource and asset files in assets/, res/ and root/
  • Resource name obfuscation (resources.arsc)
  • Obfuscation of AndroidManifest.xml: Applications/ActivityNames/ContentProviders/Receivers class names mangling

And DexProtector is also capable of interacting with Mono Runtime, thereby allowing you to encrypt Xamarin assemblies. You can use the <xamarinAssemblies/> element in the DexProtector configuration file to enable the encryption of assemblies. For example:

        <xamarinAssemblies dir="custom assemblies location">

For all other protection mechanisms, including the Runtime Checks, no special configuration is needed; just follow the steps described elsewhere in the documentation.


DexProtector supports apps developed with Flutter in just the same way as native apps; there is no difference in the configuration requirements.