Trusted by financial institutions around the world.
DexProtector is the only software protection tool to achieve both Android and iOS certification from EMVCo
Financial apps are under threat
In one recent attack, bad actors created an environment to mimic the phones of 16,000 mobile banking customers. This act enabled the attackers to drain millions of dollars from the victims’ accounts in a matter of days.
Incidents like this are becoming normalized. But only because apps aren’t hardened to block attacks.
Why protection for financial apps is so important
Not long ago, banking customers would go to a branch in person. This helped to foster loyalty and trust. But now your app is often the only thing your customers see, so securing it is the best way to build trust with them.
Robust app protection helps you to:
- Comply with regulations such as PSD2 and avoid penalties
- Prevent damaging loss of revenue and reputation
- Reduce your insurance premiums
DexProtector’s secure native layer makes financial apps safer to use
Bad actors are opportunistic. They don’t always have a set goal in mind when they attack your financial application. Instead, they put it under a microscope and scrutinize it. They look for weaknesses they can exploit. DexProtector’s advanced protection technology has one job - to frustrate them. Its 7 key features do just that. They block attack avenues, making your app safe for your customers to use.
Code protection and virtualization
This feature prevents static and dynamic attacks. A bad actor will often start an attack by decompilng your app and extracting valuable assets. They can also use more advanced tools like the JEB Decompiler to decrypt sensitive strings and understand the app’s logic. But DexProtector’s code protection and virtualization stops them from carrying out this vital first step.
Zero code protection for your assets and resources based on strong cryptographic algorithms. Cryptographic keys are dynamically reconstructed at runtime based on your entire app or SDK. That means that key and content extraction attacks are impossible. DexProtector also uses dynamic analysis prevention measures to stop the dumping of decrypted resources from memory.
The integrity of your app or library is the most crucial part of its security. Without reliable integrity control, an attacker could tamper with it. DexProtector embeds a speedy, secure native engine into your app or SDK. As every protection function relies on cryptographic keys generated at runtime, DexProtector knows if a bad actor has made alterations. If that’s the case, it will stop the app from working.
DexProtector’s native engine blocks dynamic analysis and code injection. This defence is vital because these are the two most common techniques hackers use to attack your app or library. Runtime checks help to prevent debugging, hooking, running your app on emulators, and rooted or jailbroken devices. DexProtector can also detect the latest versions of Frida, Magisk and Zygisk.
DexProtector’s reinforced public key pinning and certificate transparency mechanisms help to stop man-in-the-middle attacks. It makes sure that your app or library cannot establish a connection with an untrusted server. And it also reinforces the set of algorithms used for the secure transport channel. That means it can check that the communication is secure.
Secure execution environment and Crypto Module
A self-defending virtual trusted execution environment (vTEE) that looks after your cryptographic operations and key storage. It integrates into your app in seconds at the protection stage. No changes to your code are needed if you’re using Java/Android Crypto API. This feature makes key material exfiltration attacks and interfering with your cryptographic operations a non-starter for attackers.
UI protection blocks screen capture and activity hijacking. Screen capture blocking hardens your app against screenshots, screen recording, and screen casting. Hijacking prevention protects your app from malware that takes control of it and replaces legitimate windows with bogus ones. And enforced use of the system keyboard ensures your app is not exposed to unsafe input from custom keyboards.
Supports Android versions 4.0 to 12.x
Supports iOS versions from 9.x to 15.x
How DexProtector’s trusted security saves you both time and money
DexProtector is nimble and evolves to counter evolving threats. That means you can focus on creating a great app for your end users without having to worry about its code and data being exposed.
No code saves time
You get the peace of mind that your app is protected without having to invest valuable engineering time.
Ready for the zero-trust world
You can’t always know where and how your app is running. But DexProtector’s checks mean it’s safe whatever the environment.
Support for hybrid apps
App development is evolving with more frameworks than ever. If you’re using a hybrid approach, DexProtector can secure it.
Protection without a hit on performance
DexProtector’s unique native engine keeps your app safe behind the scenes without slowing it down.
DexProtector isn’t a cloud-based security solution. It secures your app in an isolated, enclosed environment that you control.
Your protected app is just a click away
With one click DexProtector Studio shows you how your app is being protected. It also highlights potential vulnerabilities.
Android and iOS don’t offer enough protection for financial apps
Android and iOS offer some basic security measures. But not enough to protect financial apps that end users rely on for sensitive tasks and transcations.
Android in particular is highly fragmented because of the huge number of manufacturers and vendors. It’s estimated that 83% of users weren’t using the latest version of Android in 2020. That means they might not have had the latest security on their device.
Apple’s walled garden approach means that iOS offers more protection than Android. But it too is vulnerable to modern, sophisticated attacks.
DexProtector operates at a deep level to block damaging attacks
Cybercriminals poke and probe financial apps for weaknesses. For example, they’ll often attempt to decompile your app as a starting point of any attack. But because DexProtector uses code hardening, they aren’t able to do so.
With that attack avenue blocked, they might plan to run a dynamic analysis instead. But to do that they’d need to create a special environment to use analysis tools. DexProtector’s environment checks can detect this and stop the app from running.
DexProtector shuts and locks doors at every turn. Doors that attackers would simply be able to push open if you relied on platform security alone.