1. Requirements
Android AppSealing supports APK with the following specifications.
- Unity engine: 4.6 or later
- Unreal Engine : version 4.1 or later
- Android SDK: API 8 or later / Android SDK build-tools revision 19.1 or later
Hybrid frameworks (Cross-platform)
- Flutter: 2.x~3.x
- React Native: 0.60 ~ 0.73
- IONIC
- Cordova
- Xamarin
2. Sealing
2.1 Uploading APK file
Uploading the APK file to the AppSealing server will automatically implement the AppSealing security module inside the APK file.
Just upload the APK built from Unity to the ADC for full protection.
1. Log into ADC and go to the Sealing page. (Fig.1)
(Fig.1)
2. Configure sealing options
- Sealing Mode
- Test Mode: For testing before uploading for Release Mode.
- Release Mode: For market release purposes.
- DEX Encryption
- Protects JAVA code by encrypting multiple DEX files.
- Rooting
- Blocks or allows rooted devices from running the application.
- Emulators
- Blocks or allows Bluestacks and Nox from running the application.
- Macro tools
- Block or allows the installation of macro tools at 2.16.0.0+ versions.
- Packet attacks
- Block or allows the installation of packet attack tools at 2.16.0.0+ versions.
3. Upload your apk.
4. Click the 'Seal The File' button to Seal.
2.2 Downloading Sealed APK file
The sealing process can vary in time depending on the APK file size. You’ll be noticed through your email on the Sealing result.
- Go to Sealing History below the Sealing page once the Sealing has been completed. (Fig.2)
(Fig.2)
2. The download button is activated when the APK file has been Sealed.
3. Now you can download the Sealed APK and install it on a device.
NOTE:
The Sealing server breaks the Keystore signing during the Sealing process. Keystore signing must be done after Sealing in order to release and install & launch the APK file.
Zipalign must be done in order to upload the APK to Google Play.
3. Zipalign and Keystore re-signing
Applying AppSealing will disable apk`s certificate. For seamless integration, AppSealing supports Keystore management and automated signing apk & aab file after applying AppSealing.
You can see the below pop-up window when you try to download the app from the web console.
<You can download the app with automatic signing with your keystore>
If you don't want to upload Keystore to the AppSealing console, then you need to consider adding zipalign & signing steps to your build pipeline.
3.1 Apply zipalign
zipalign -p -f -v 4 [APK_FILE] [ZIPALIGNED_OUTPUT_APK_FILE]
Zipalign must be applied before signing the apk.
3.2 Sign your apk with ApkSigner
apksigner sign --ks [KEY_STORE_FILE] --ks-key-alias [ALIAS] [APK_FILE]
3.3 References
- Zipalign & apksigner tools are installed at
%ANDROID_SDK_HOME%\build-tools\%ANY_SDK_VERSION% - Check google`s guide for detailed information about zipalign and apksigner tools.