Mobile App Tamper-Resistance Solution: AppDefence

Product Overview

Exafe AppDefence provides the most secure protection mechanism against all tampering threats targeting enterprises and financial institutions. It offers the following key advantages.

01. Scalability

  • Exafe AppDefence is designed to be applicable to websites, PCs, mobile apps, and mobile web, making it easy to scale in the future.
  • The administrator screen is easily scalable.

02. Providing Trusted Services for Mutual Auth

  • The application server is authenticated via an application authentication key.
  • The server authenticates the application through a one-time authentication verification token.
  • The application verifies the server by comparing the value returned by the server, which includes a NONCE that can only be decrypted by the authentication server, with the authentication token.
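The one-time token properties listed on this page (a validity period of 5-10 seconds and no reuse) can be illustrated with the following added example, which is not Exafe's code. The HMAC construction, the token layout and the names `issue_token` and `verify_token` are assumptions made for illustration; the page does not describe how AppDefence builds its tokens.

```python
import hashlib
import hmac
import secrets

TOKEN_TTL_SECONDS = 10  # upper end of the 5-10 second validity stated on the page


def _mac(key: bytes, body: str) -> str:
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()


def issue_token(key: bytes, app_id: str, now: float) -> str:
    """Server side (hypothetical): bind app id, fresh nonce and issue time under a MAC."""
    body = f"{app_id}.{secrets.token_hex(16)}.{int(now)}"
    return f"{body}.{_mac(key, body)}"


def verify_token(key: bytes, token: str, now: float, used_nonces: set) -> str:
    """Return 'ok' or the rejection reason. An accepted nonce is burned."""
    parts = token.rsplit(".", 3)  # app_id itself may contain dots
    if len(parts) != 4:
        return "malformed"
    app_id, nonce, issued, tag = parts
    expected = _mac(key, f"{app_id}.{nonce}.{issued}")
    # Constant-time comparison; check the MAC before trusting any field.
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return "bad-mac"
    age = now - int(issued)
    if age < 0 or age > TOKEN_TTL_SECONDS:
        return "expired"
    if nonce in used_nonces:
        return "replayed"
    # A production store would also drop nonces once they are older than the TTL.
    used_nonces.add(nonce)
    return "ok"


if __name__ == "__main__":
    key = secrets.token_bytes(32)          # constructed sample key
    seen = set()
    tok = issue_token(key, "com.example.bank", now=1000.0)  # constructed app id
    print(verify_token(key, tok, 1003.0, seen))  # first use inside the window
    print(verify_token(key, tok, 1004.0, seen))  # same token presented again
    print(verify_token(key, tok, 1011.0, set())) # presented after the window
```

Because expiry is enforced, the replay store only ever needs to remember nonces for the length of the validity window.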

03. Preventing Hacking with Dynamic Processes

  • The server delivers dynamic modules into client memory for one-time execution, where they are executed directly, with integrity verification performed on the dynamic modules.
  • Configured to prevent code reuse, rendering hacking ineffective.
  • Disposal of dynamic modules after single use to prevent reuse.

04. Service Unavailable on Code Verification Failure

  • Validation processing in generation process.
  • App termination upon verification failure.

Features

Exafe AppDefence is a dedicated solution for detecting and preventing tampering in mobile apps. It safeguards against security threats that can lead to the leakage of critical user information through malicious code embedded in tampered apps.
Service Management
  • Debugging Prevention Function
  • App Management
  • Blocking Access to Versions with Critical Vulnerabilities
  • Device Management
  • One-Time Authentication Token: Short Validity Period (5-10 seconds) and Non-Reusable
  • Memory HASH: Hashing of Authentication Information in Memory
  • APP HASH: Hashing of the App based on the Dynamic Process Delivery Method from the Server
Service Protection
  • Real-time Detection with App Tampering Verification Engine
Device Protection
  • Incorporated Module for Jailbreak and Rooting Detection
  • Implemented Mutual Verification by Enabling Service Verification on the Client Side
  • Module Updates

Operation

Upon initial launch, the application performs a one-time verification (with optional additional checks) to detect any tampering before the app can be used. If tampering is detected through the verification server, integration with a monitoring system can be added if necessary.