skip to Main Content

Protect your mobile apps against repackaging

Safeguard your applications from repackaging attacks and avoid fake versions of your apps distributed in the app stores

Some users compromise their devices on purpose in order to gain additional capabilities, like installing unauthorized apps. This is a popular occurrence on mobile platforms. Thus, malicious apps on mobile platforms are becoming more and more popular. Since the techniques for creating fake apps are publicly available, malicious apps are likely to adopt these methods. By doing this, they gain extensive permissions and capabilities to compromise the original app in itself or third party apps.

Repackaging an app means that an attacker obtains a copy of the app from the distribution platform (Google Play Store or Apple App Store). The attacker then adds malicious functionality to it, and re-distributes it to users who believe that they are using a legitimate app or the original app. The act of repackaging the application is also used when attempting to reverse engineer the application.

Repackaging is a widely used practice to deploy Trojan horses on Android devices. On Android, this is made possible since there are many distribution platforms apart from the official Google Play Store. Apple also offers other ways to deploy apps in the form of Ad- Hoc- and Enterprise- Deployment where apps can, for example, be installed on a user’s device from a web page without being reviewed by Apple.

Illustration of repackaging detection for mobile apps of two apps. One legit app and one fake.

Detect and protect your apps against Repackaging

Promon SHIELD™ detects when an app has been modified (repackaged). As a result, the original app that has Promon SHIELD™ implemented cannot be executed repackaged. This means no fake-apps run on a user’s device. In order to make sure that the protection mechanisms Promon SHIELD™ offers are active, a binding between the Promon SHIELD™-SDK (Software Development Kit) and the app is created. This then prevents the app from being started without the security features provided by Promon SHIELD™.

There are several types of binding mechanisms used: The binding process for Android modifies the app (class files), by extracting values and constants from the application code and rewriting them. These values will then be invalid in the application without Promon SHIELD™. When the app is launched, Promon SHIELD™ will initialize these values correctly, or provide them with the app only if the security policy is satisfied.

This approach makes it harder to attempt to remove Promon SHIELD™ from the app since the app will be missing key pieces of information without it. “Binding” an iOS application to Promon SHIELD™ renders the application useless if Promon SHIELD™ is prevented from running. In all cases, maintaining an optimal user experience (UX) is a very high priority for the Promon SHIELD™ technology.

Back To Top