Requirements
Android AppSealing supports APK and AAB ( App Bundle ) with the following specifications.
- Unity engine: 4.6 or later
- Unreal Engine: version 4.1 or later
- Android SDK: API 8 or later / Android SDK build-tools revision 19.1 or later
Hybrid frameworks (Cross-platform)
- Flutter: 2.x~3.x
- React Native: 0.60 ~ 0.76 ( Nov 2024 )
- IONIC
- Cordova
- Xamarin
Sealing
Uploading file
Uploading the app file to the AppSealing server will automatically implement the AppSealing security module inside the file.
Just upload the APK built from Unity to the ADC for full protection.
Log into Developr console and go to the Sealing page. (Fig.1)
(Fig.1)
Configure sealing options
Basic Configuration
- Select your app`s Framework
AppSealing provides compatibility for apps built by various frameworks. If your app is not included in the below list, still you can check "Others" and proceed with sealing to check compatiblity.
- Select your App Category
There is a Game & Non-Game category. By selecting one of these, Developer console will show you more optimized sealing options.
- Select AppSealing Version
AppSealing always recommends using the latest version, but we understand changing the security version and testing again is a burden for app developers. You can stick to a specific version that is fully tested and clarifies the compatibility at your end until you have time to move on to the latest version. - Sealing Mode
- Test Mode: This is for testing before the release of your app. Usage with Test mode won't be charged.
- Release Mode: For market release purposes. This app's Monthly Active Device will be charged at the end of the month.
- DEX Encryption
- Protects JAVA code by encrypting multiple DEX files.
- Dex String encryption
- If you don't see this button, please check you are using a 2.33.0.0 or higher version.
- This feature encrypts Strings in Dex files separately, which can hide confidential strings even when hackers attack the Dex file.
- Block Dex Dump
- If you don't see this button, please check you are using a 2.33.0.0 or higher version.
- This function wipes the Dex file`s traceable information to protect it from automated memory dump scripts. Some security libraries can conflict with this feature.
Environment Detection
- Rooting
- Blocks or allows rooted devices from running the application.
- Developer Options
- USB Debugging
- Wi-Fi Identification
- Emulators
- Blocks or allows Bluestacks and Nox, or other known emulators to run the application.
- Work Profile & Samsung Security Folder
Tools & Package Detection
- Macro tools
- Block or allow the installation of macro tools.
- Packet attacks
- Block or allow the installation of packet attack tools.
- Keylogger
- Block or allow the installation of keylogger tools
- Overlay Windows
- Prevent external tools using overlay windows to render floating UI at sealed app.
- Many cheat tools are implementing overlay windows to attack target apps in runtime.
- Use Query All Packages
- Enabling this is recommended for an app that is not uploaded on Playstore.
- Refer to this link to understand the details of QUERY_ALL_PACKAGES permission.
Advanced Detection
- Screen Mirroring & Capture
- This feature prevents other screen recording or mirroring tools from seeing sealed apps.
- Data Sealing
- This feature provides data encryption at rest.
- This feature will charge additionally per app.
- Over the Air Update
- This feature provides control of the cheat tool blacklist in OTA.
- Note) This feature does not provide automatic blacklist updates from the AppSealing team. Customers need to enter target cheat tools that they want to block or allow.
3. Upload your app file.
4. Click the 'Seal The File' button to Seal.
2.2 Downloading Sealed app file
The sealing process can vary in time depending on the APK file size. You’ll be noticed through your email on the Sealing result.
- Go to Sealing History below the Sealing page once the Sealing has been completed. (Fig.2)
(Fig.2)
2. The download button is activated when the APK file has been Sealed.
3. Now you can download the Sealed app and install it on a device.
NOTE:
The Sealing server breaks the Keystore signing during the Sealing process. Keystore signing must be done after Sealing to release and install & launch the APK file.
Zipalign must be done to upload the APK to Google Play.
3. Zipalign and Keystore re-signing
Applying AppSealing will disable apk`s certificate, which can cause an installation error. For seamless integration, AppSealing supports Keystore management and automated signing apk & aab file after applying AppSealing.
You can see the below pop-up window when you try to download the app from the web console.
<You can download the app with automatic signing with your keystore>
If you don't want to upload Keystore to the AppSealing console, then you need to consider adding zipalign & signing steps to your build pipeline.
3.1 Apply zipalign
zipalign -p -f -v 4 [APK_FILE] [ZIPALIGNED_OUTPUT_APK_FILE]
Zipalign must be applied before signing the apk.
3.2 Sign your apk with ApkSigner
apksigner sign --ks [KEY_STORE_FILE] --ks-key-alias [ALIAS] [APK_FILE]
3.3 References
- Zipalign & apksigner tools are installed at
%ANDROID_SDK_HOME%\build-tools\%ANY_SDK_VERSION% - Check google`s guide for detailed information about zipalign and apksigner tools.