Application hardening

Enabling streaming applications on multiple platforms is not an easy task, particularly if they need to be robust against pirates. Many are often caught by time and rush to publish their application on their app store of choice without thinking about security. Application hacking remains one of the easiest ways to steal content and credentials. This is done by attacks such as cloning, reverse engineering, emulation, and code uplifting to name few. So it is important to make sure that all applications are well hardened before launch and the required software-level protections are properly addressed. These protections need to cover not only code but also data (aka code protection and data protection). The need for multiple platforms is often a “must”, which implies that these hardening tools need to support all the major coding languages (C, C++, Objective-C, Java, and JavaScript).

Code protection:

  • Code obfuscation (flattening, merging, opaque predicate, function aliasing, etc…)
  • Encryption (code encryption and library encryption)
  • Anti-tampering (local checksum, global checksum, call guards)
  • Anti-debugging (debugger detection, debugger prevention, root detection, anti-emulation, anti-disassembler, anti-DBI)

 Data protection:

  • Data encryption
  • String masking
  • Opaque predicate
  • White-box cryptography

These protections need be applied not only on the player but also on the UI application embedding the player. Failure to protect the UI application might expose critical call flows between app and server as well as critical data like credentials.

Copyright © 2020 Nagravision S.A.