bangcle-mobile-app-security
Dedicated to Mobile App Security
By Oct. 2014:
240,000 Android Apps
30,000 Mobile Developers
300,000,000 Smartphones
2010-5 series A round from IDG
2014-5 series C round from SIG
Certified Mobile Firewall Product Vendor in China
IEEE ICSG member
Member of ANVA
Certified Android App Security Vendor in China
2013-4 series B round from IDG, Redpoint
【Running Env. Security】
VMware
【Device Security】
Symantec, McAfee, Kaspersky
【App Security】
BANGCLE
App
Change paid to free App
Malicious payment creation
Virus injection
Remove/bypass security setting
App Repack
Illegal App localization
Remove Ads
Plugin illegal Ads
Evaluation AppShield App Release App Monitor App Management Statistic/BI
Before releasing security evaluation and shielding
APP Distribution Management
Programming Security
Source Code
Protection
Phishing App Monitoring
App Management
• Data collection
• Environment monitor
• Security Early Warning
• Message Pushing
Penetration Report
Code Auditing Report
App Distribution
Report
Competitor Report
Piracy Monitoring
App Monitor/Early warning
Assist to upload to download sites
Pirated/phishing App Removing
Data Security
Environment Security
Business Security
Storage Protection
Data Protection
Protocol Protection
Environment Monitoring
Source Code Audit (White-box)
App Penetration Service
(Black-Box)
Symmetric Encryption
White-box cryptography + AES technology
USA federal government standard
IBM, Arxan, InterTrust etc
Hack Technology | Current Solution on Android Platform | Bangcle Defend Best Practices on Android
Reverse Engineering | Code obfuscation | Code Encryption; Anti Reverse Engineering
App Integrity Check; Anti tampering
Debugging | N/A | Anti-Debugging; Low level trap detection; Memory monitoring and detection
Self Protection; Reactivate when App is compromised
Illegal Data Copy | Encrypt key can be easily found by disassembling the APK
Transparent Strong Encryption; Combined with code encryption; Encrypt key secured by white-box technology
Bind IMEI with Encrypt key; Prevent data file being copied out
Mobile App Game Developers
Mobile Banking App Developers
Black-Box
Cloud USA
5 – 10 Minutes
No code change needed
Upload App
Cloud Shielding (5-10 minutes)
Download App
Sign Apps -> Test -> Release
Competitors
V0.5 Code Obfuscation
VS.JAVA Class
Loader
VS.JAVA VIM
VS.CPU VIM
SO Protection
Local Data Protection
Unity Script Protection
VS.
BANGCLE
Crawlers
Data Analysis
Data Storage
App Similarity Analysis Engine
Report Generator
APK
310 Download
site
Information
App Distribution Monitor Report
Web
Secured Soft Keyboard SDK
Anti-Game Cheats SDK
Question 1: How long will it take us to shield an App?
Answer:
Within 15 minutes. However, normal processing time is less than 10 minutes, including the virus scan service.
Question 2: Can you secure APK SO, log, audio and other resource files?
Answer:
Yes. We can manually encrypt them.
Question 3: How can we try it?
Answer:
Yes. You can try a non-commercial version of AppShield at www.secneo.com or send your request to [email protected] for a banking grade security product and service.
①. Perfectly Modded Apps
In 2012, it was hard to find such a perfectly hacked App with all the original App's features. Today, you can find them everywhere.
②. Free Gold Coin Modded Games
It's the game killer. "Flappy Bird"'s challenge attracted millions of players, but a game without challenge wouldn't last long.
③. Standard Mobile Game Cheat Tools
There are 25 different cheat tools in the market, including Freedom, Game Guardian, HaXplorer, etc. Many of them combine memory modification and speed control features.
④. Game-Specific Mobile Game Cheat Tools
This is the game killing machine. It can be found anywhere, including YouTube, or sold on eBay, Taobao and other markets.
⑤. Mobile Game Grade Upgrading Service and Trading
It's a very popular and big business in Japan, China, Korea and Taiwan. Cheaters use cheat tools to upgrade a player's grade without paying a dime. Players pay per game level.
⑥. Cracked Mobile Game Servers
If you've seen over 2000 "Cracked Minecraft Servers", you wouldn't be surprised to see fast-growing cracked mobile game servers in 2014. A typical example is "Heroes Fantasy": www.hxyxsf.com/down.html
⑦. PC Virtual Machine Cheats
This is a popular way for skilled players to cheat using PC software.
⑧. Mobile Game Parts Market
Never heard of it? You may find the UI, pictures, sounds and documents that cost you millions of dollars to create sold in the market for 5 dollars. The mobile game junk yard business is a faster growing market.
⑨. Mobile Source Code Market
What you don't know is that people are trading reversed game source code under the table.
⑩. Mobile Game Re-packers
Mobile game re-packers are making more money than some original game developers. The cost for re-packers is almost nothing: hack, repack, then upload to 200+ download sites.
| Name | Version | Type | Notes |
|---|---|---|---|
| Freedom | 1.0.6 | Hack Google Play iAP Tool | |
| DaX Atk | 2.0.5 | App Memory Modification Tool | |
| GameBooster | 2.0.4 | Game Speed Control Tool | Modify System Speed |
| GameCIH | 3.0.0 | App Memory Modification and Speed Control Tool | Modify Frequency Speed |
| Game Guardian | 6.0.5 | App Memory Modification | |
| HaXplorer | 3.3.1 | App Memory Modification | |
| GameCIH2 | 2.2.3 | App Memory Modification | |
| Name | Version | Type | Notes |
|---|---|---|---|
| 八门神器 | 2.61 | App Memory Modification Tool | |
| 烧饼修改器 | 3.1 | App Memory Modification and Speed Control Tool | Modify Frequency Speed |
| 变形金刚修改器 | 2.6.3 | App Memory Modification Tool | |
| 烧饼免root修改器 | 4.0 | App Memory Modification and Speed Control Tool | Modify Frequency Speed |
| 安卓游戏加速器 | 1.2.8 | Speed Control Tool | Modify Frequency Speed |
| 安卓游戏助手 | 1.3 | Speed Control Tool | Modify Frequency Speed |
| 葫芦侠 | 2.6.5 | App Memory Modification and Speed Control Tool | Modify Frequency Speed |
| Name | Version | Type | Notes |
|---|---|---|---|
| 游戏助手 | 2.1.1 | App Memory Modification Tool | |
| 泡椒修改器 | 5.5.1 | App Memory Modification Tool | |
| 手机游侠 | 1.8.9 | App Memory Modification and Speed Control Tool | Modify Frequency Speed |
| 天天游戏加速器 | 2.2.0 | Speed Control Tool | Modify System Speed |
| 游戏加速器 | 2.2.0 | Speed Control Tool | Modify System Speed |
| 游戏加速精灵 | 1.0.5 | Speed Control Tool | Modify Frequency Speed |
| 游戏加速器 | 1.3 | Speed Control Tool | Modify System Speed |
You spend millions on App security but still get hacked
Your App has many users but few paying
You spend more money on security issues than paying third-party professionals
Your developers spend more time on security than writing code
Your QA spends over 15% of testing time on App security
You have to give up a million-dollar game design because of game security control problems
When you choose game engines, security is the top concern
Your developers think they can defeat Hackers