Streamline development workflows
SDK Protection’s post-compile integration simplifies your security implementation. It seamlessly blends into your development process without changes to your codebase or the need for additional training. This approach saves time and reduces maintenance costs compared to traditional security methods, ensuring your development team can focus on innovation rather than security management.
Consistent security across mobile platforms
Ensure uniform protection across Android and iOS SDKs. SDK Protection’s scalable framework effortlessly extends your security measures to emerging platforms and architectures, ensuring persistent, high-level protection for all devices and operating systems. This comprehensive coverage simplifies security management and supports your expansion into new markets.
Drive better security outcomes for your SDKs
Product managers and Tribe leads
Promon SDK Protection™ not only decreases the financial and time resources often needed for high-level security implementations but also actively defends your intellectual property against unauthorized access and tampering, securing your competitive edge. Moreover, this solution eases the process of navigating the complex landscape of data security and privacy regulations. It provides peace of mind by ensuring your SDKs consistently adhere to evolving industry standards and legal requirements with minimal effort.
Developers and Security engineers
SDK Protection integrates into your existing workflows, offering powerful security without complicating the development process or impacting application performance. Its post-compile implementation does not impact the integrity and quality of your source code. Furthermore, its Android and iOS support, along with other platforms and architectures on the roadmap, means you can confidently secure SDKs across various development environments, solving multiple security needs with a single solution.
What makes Promon SDK Protection™ different?
Quick deployment
SDK Protection is built for quick integration, ensuring a smooth transition into your existing workflows. Its efficient deployment shortens the journey from concept to secure product release.
Low-impact on development
With our post-compile approach, SDK Protection fits into your processes without altering your codebase or slowing down development. This lets your team focus on innovation, not security hurdles.
Runtime protection
Beyond protecting against static threats through binary code obfuscation, SDK Protection actively secures SDKs even when the app is in use. It defends against dynamic risks such as code injection, hooking, and unauthorized debugging, thus bolstering your security posture.
Scalable security
As your company expands, SDK Protection adapts, matching the pace of technological innovation and platform diversity. Regular updates via a simple command line tool keep your security strategy forward-facing and resilient.
Promon SDK Protection™ code obfuscation techniques
- Section encryption encrypts code and data sections within the executable to prevent static analysis. On the Java bytecode, it encrypts static strings like error messages, file names, API keys, URLs, etc.*
- Control flow abstraction diverts call instructions within the code sections to a central dispatch function that hides the links between code blocks, making the application’s control flow and all external calls invisible to prying eyes.
- Block splitting breaks binary symbols into smaller fragments and shuffles them throughout the code, which is useful when having a large symbol with few or no dependencies or if you want to increase the obfuscation of particular symbols.
- Integrity checking adds a checksum network to protect the code from unauthorized modification. When this feature is enabled, modification causes the binary to crash randomly, preventing crash analysis.
- Debug stripping removes debug information from the binary because it contains a surprising amount of debug information, even on "release" builds and especially on "debug" builds.
- Renaming (Java and Kotlin) renames classes and their members (i.e., fields and methods) to have meaningless names. It also flattens classes into a single package.*
* Beta feature
Promon SDK Protection™ runtime controls
- Hooking protection: SDK Protection detects the presence of code hooks and, based on your configurations, outright crashes the app and optionally calls an internal function for custom handling.
- Root/Jailbreak protection: A rooted or jailbroken device is much more susceptible to malware. For both Android and iOS, SDK Protection detects if the device’s default restrictions are compromised and can be configured to act accordingly.
- Debug protection: Attackers can run a debugger on an Android or iOS application to extract sensitive information and help them reverse engineer the app. SDK Protection detects the use of such debuggers and, based on your configurations, outright crashes the app and optionally calls an internal function for custom handling.
We looked at a number of vendors, but chose Promon as all the staff we dealt with had deep knowledge of the product. We also got to speak directly with the members of Promon’s development team. Having direct access to developers at Promon allowed us to resolve problems quickly.
Keith Harrison, Head of software development, Nude