Easy integration and powerful security with Promon SDK Protection™ for mobile SDKs
Promon SDK Protection™ brings advanced security for Software Development Kits (SDKs) on Android and iOS. It’s specifically designed for critical sectors like Banking, Gaming, Streaming, and eGovernment — simplifying integration and reducing friction between security and development teams so you can get robust protection while maintaining development agility.
It embeds code obfuscation and runtime protections directly into compiled code, effectively guarding SDKs and their host apps against reverse engineering, tampering, and unauthorized access. With SDK Protection, secure your products and intellectual property, streamline your development processes, and confidently expand into new markets.
30
SDKs typically integrated into an app
92%
companies experienced a breach due to vulnerabilities in apps developed in-house
64%
of security teams struggle to pivot from one security tool to the next, with little integration to make it easier
Your strategic outcomes with Promon SDK Protection™
Protect your intellectual property
Protect your proprietary code and sensitive data using SDK Protection’s binary code obfuscation capabilities. This will block unauthorized access and prevent reverse engineering, keeping your innovations secure and exclusive. Additionally, securing your SDKs directly mitigates the risk associated with operating on untrusted devices and within vulnerable applications. This proactive approach allows you to detect and react to attacks, effectively making your SKDs more resilient.
Streamline development workflows
SDK Protection’s post-compile integration simplifies your security implementation. It seamlessly blends into your development process without changes to your codebase or the need for additional training. This approach saves time and reduces maintenance costs compared to traditional security methods, ensuring your development team can focus on innovation rather than security management.
Consistent security across mobile platforms
Ensure uniform protection across Android and iOS SDKs. SDK Protection’s scalable framework effortlessly extends your security measures to emerging platforms and architectures, ensuring persistent, high-level protection for all devices and operating systems. This comprehensive coverage simplifies security management and supports your expansion into new markets.
Drive better security outcomes for your SDKs
- Product managers and Tribe leads
- Developers and Security engineers
Product managers and Tribe leads
SDK Protection not only decreases the financial and time resources often needed for high-level security implementations but also actively defends your intellectual property against unauthorized access and tampering, securing your competitive edge. Moreover, this solution eases the process of navigating the complex landscape of data security and privacy regulations. It provides peace of mind by ensuring your SDKs consistently adhere to evolving industry standards and legal requirements with minimal effort.
Developers and Security engineers
SDK Protection integrates into your existing workflows, offering powerful security without complicating the development process or impacting application performance. Its post-compile implementation does not impact the integrity and quality of your source code. Furthermore, its Android and iOS support, along with other platforms and architectures on the roadmap, means you can confidently secure SDKs across various development environments, solving multiple security needs with a single solution.
What makes Promon SDK Protection™ different?
Promon SDK Protection code obfuscation techniques
- Section encryption encrypts code and data sections within the executable to prevent static analysis. On the Java bytecode, it encrypts static strings like error messages, file names, API keys, URLs, etc.*
- Control flow abstraction diverts call instructions within the code sections to a central dispatch function that hides the links between code blocks, making the application’s control flow and all external calls invisible to prying eyes.
- Block splitting breaks binary symbols into smaller fragments and shuffles them throughout the code, which is useful when having a large symbol with few or no dependencies or if you want to increase the obfuscation of particular symbols.
- Integrity checking adds a checksum network to protect the code from unauthorized modification. When this feature is enabled, modification causes the binary to crash randomly, preventing crash analysis.
- Debug stripping removes debug information from the binary because it contains a surprising amount of debug information, even on “release” builds and especially on “debug” builds.
- Renaming (Java and Kotlin) renames classes and their members (i.e., fields and methods) to have meaningless names. It also flattens classes into a single package.*
* Beta feature
Promon SDK Protection™ runtime controls
- Hooking protection: SDK Protection detects the presence of code hooks and, based on your configurations, outright crashes the app and optionally calls an internal function for custom handling.
- Root/Jailbreak protection: A rooted or jailbroken device is much more susceptible to malware. For both Android and iOS, SDK Protection detects if the device’s default restrictions are compromised and can be configured to act accordingly.
- Debug protection: Attackers can run a debugger on an Android or iOS application to extract sensitive information and help them reverse engineer the app. SDK Protection detects the use of such debuggers and, based on your configurations, outright crashes the app and optionally calls an internal function for custom handling.
We looked at a number of vendors, but chose Promon as all the staff we dealt with had deep knowledge of the product. We also got to speak directly with the members of Promon’s development team. Having direct access to developers at Promon allowed us to resolve problems quickly.
KEITH HARRISON
Head of software development, Nude