Menu
get a trial
Menu
inquire
DexProtector
DexProtector Android documentation

Documentation

iOS documentation
Android menu

Android

Introduction to DexProtector

What is DexProtector?

DexProtector is an EMVCo-certified, post-build, no-code protection tool for Android and iOS applications and SDKs.

Installed fully on-premises with an offline implementation, DexProtector runs as an additional step in the application build pipeline.

DexProtector:

  • Takes as input the app package (APK, AAB, AAR, IPA, XCArchive, Framework, or XCFramework)
  • Obfuscates, encrypts, and tamper-proofs app code, assets, and data
  • Automatically integrates powerful security and anti-fraud capabilities via dedicated, proprietary in-app modules
  • Outputs the repackaged, secured, tamper-resistant app, signed and ready for release

Once the app has been released, in-app modules continue to monitor and protect it on end users’ devices, enabling the app to:

  • Prevent automated, scalable attacks: malware, credential theft, API abuse
  • Block local threats: reverse engineering, tampering, and security-control bypasses
  • Reinforce authentication and ID verification processes
  • Provide essential platform and device attestation data for fraud monitoring and prevention

Apps integrating DexProtector also have the option to report to Licel’s Alice Attack Telemetry & Threat Intelligence platform for enhanced analytics.

Alice turns runtime signals into actionable intelligence for fraud scoring, risk assessment, and analysis by SOC teams. It ingests events from protected apps and enables organizations to search, correlate, and link suspicious activity across users, devices, and sessions.

Obfuscation & Encryption Capabilities

DexProtector delivers comprehensive code, asset, and data protection at every layer of your mobile app or SDK, across both Android and iOS, blocking static analysis, reverse engineering, and unauthorized access to secrets.

  • String & Metadata Encryption — Constants (URLs, keys, flags), exported symbols, and sensitive metadata are encrypted at rest, making secrets, signatures, and class structures unreadable to attackers, whether in bytecode (Android) or Mach-O binaries (iOS).
  • Class Encryption & Hide Access — Method calls, field accesses, and entire classes are obfuscated and encrypted. App logic, data flow, and class hierarchies stay invisible until runtime, defeating reverse engineering through static analysis.
  • Native Library Encryption & JNI Obfuscation — JNI bridges and native (.so) libraries are obfuscated and encrypted, hiding implementation details and business logic from binary analysis.
  • Manifest & Symbol Mangling — Entry points and component names (AndroidManifest.xml) are obfuscated or encrypted, eliminating human-readable anchors used for repackaging and automated attacks.
  • Resource Encryption — Security-critical assets, including JSON, databases, models, and cross-platform code files, are encrypted within the app package, denying adversaries access to sensitive information and logic

As well as making code and assets virtually impossible for attackers to access, encryption offers a level of protection that simple obfuscation, like renaming classes or methods, can’t match.

Encryption creates a cryptographic bond between protected components and the DexProtector Runtime Engine responsible for decrypting them during runtime; this enables DexProtector to enforce a robust chain of trust from build-time to runtime, with RASP, security, and anti-fraud modules locked to the app. Any attempt at tampering instantly breaks this bond, keeping code and assets encrypted and stopping the attacker in their tracks.

TIP: Even if preventing reverse engineering is your only priority, obfuscation, encryption, and protections against static analysis alone are not enough. Attackers routinely use dynamic analysis (running the app in real time, hooking APIs, instrumenting the runtime, or dumping decrypted code from memory) to bypass static protections and uncover app logic, secrets, and sensitive operations. This makes Runtime Application Self-Protection (RASP) a necessity.

RASP, Security, and Anti-Fraud Capabilities

DexProtector automatically integrates an array of in-app security components in the form of statically and dynamically linked libraries, cryptographically bound to the host app.

Engineered for bypass resistance. DexProtector establishes a cryptographic chain of trust from build-time through runtime; in-app security and anti-fraud modules are cryptographically bound to the host app; in case of tampering, protected code and assets cannot be decrypted and the app's execution is prevented.

At launch and throughout runtime, this chain of trust underpins integrity checks that validate each component of the app, preventing bypass of RASP mechanisms and attestation signals, and protecting the app’s own security-critical operations.

DexProtector Runtime Engine
  • The DexProtector Runtime Engine (DRE) controls access to the app’s DexProtector-encrypted code and assets, and extends a protective shield over app components and other security modules.
  • The DRE implements
    • Anti-Tampering (Cryptographic Integrity Controls; Code Integrity Checks; Asset Integrity Checks)
    • Runtime Application Self-Protection (Anti-Debugging; Anti-Hooking; Anti-Frida; Anti-Instrumentation; Anti-Code Injection; Anti-Virtual Containers)
    • Platform & Device Attestation (Emulator Detection; Root Detection; Jailbreak Detection; Custom Firmware Detection)
    • UI Protection (Anti-Keylogging; Anti-Screen Capture; Input Event Analysis)
    • Network Security (Public Key Pinning; Certificate Transparency)
  • These capabilities enable apps to prevent & mitigate threats based on reverse engineering; tampering; code injection; compromised networks; man-in-the-middle attacks; remote access tools; bots; screen capture.

Mobile API Protection

  • The Mobile API Protection module integrated in the app by DexProtector generates short-lived cryptographically signed tokens confirming the app's integrity, to be included in API requests and validated at the backend.
  • Enables backend servers to confirm that a request originates from a genuine, up-to-date, and secure instance of the mobile app, and to reject requests from insecure, tampered, or untrusted endpoints.
  • Prevents & mitigates threats based on API abuse; bot attacks; credential stuffing; replay attacks; version rollbacks

User Preference Encryption

  • The User Preference Encryption module integrated in the app by DexProtector ensures security for data at rest, i.e. data stored locally on the user’s device, through a combination of encryption and device binding.
  • For apps using SharedPreferences (Android) and NSUserDefaults (iOS) to store sensitive or security-critical data, such as PINs, auth tokens, session tokens, usernames, email addresses, phone numbers, and location history, persistently on the user’s device.
  • The User Preference Encryption module ensures that such data is stored encrypted with a device-specific key, protecting it from unauthorized access and extraction from the device.
  • Prevents & mitigates threats based on stolen devices; malware; remote data extraction.

Malware Detection

  • The Malware Detection module integrated by DexProtector enables the app to detect and report known malware, potentially harmful apps (PHAs), and blacklisted apps on the user’s device.
  • DexProtector integrates a database of known malware signatures and identifiers, sourced directly from the comprehensive Alice Malware Database.
  • The Malware Detection Module references this database when scanning the end-user's device. If any listed apps are identified on the device, their presence is reported to Alice.
  • Prevents & mitigates threats based on malware & PHAs, e.g. banking trojans, spyware apps, remote access apps, virtual camera apps, cloning apps, GPS spoofing apps, etc.

Licel vTEE CryptoModule

  • The Licel vTEE CryptoModule is an in-app component which provides secure cryptographic services - ensuring the confidentiality and integrity of key material, keys, and the most security-critical sensitive data – through a combination of white-box cryptography and logical isolation within an instance of the Licel vTEE.
  • Unlike traditional hardware-based TEEs, the Licel vTEE is a software-based implementation. It creates a virtual, logically isolated execution environment directly within the mobile application itself.
  • This enables capability for a fully ‘secure channel’, such that (1) key material and secret keys are never exposed outside of the vTEE, and (2) whenever sensitive data exists outside vTEE (whether in memory, in storage, or in transit) it can always be in encrypted form.
  • The outcome is the prevention and mitigation of exploitation based on malware, memory dumps, replay attacks, unauthorized access to cryptographic keys, theft of EMV payment card credentials, and theft of tokens.
  • The CryptoModule TA is therefore ideally suited to apps and SDKs with software-protected cryptography requirements, as defined by PCI MPoC and EMVCo SBMP specifications.
  • The CryptoModule TA is integrated by and configurable via DexProtector, and secured by both the Licel vTEE and the DexProtector Runtime Engine.
NextDexProtector for Android
Search the documentation

Link copied!