Bangcle en-game

Dedicate to Mobile APP Security. By Jayson Li, 2014-11-25. Sales Contact: [email protected] or [email protected]

Transcript of Bangcle en-game

Page 1: Bangcle en-game


Page 2: Bangcle en-game

About BANGCLE

By Oct. 2014: 240,000 Android Apps, 30,000 Mobile Developers, 300,000,000 Smartphones

2010-5 series A round from IDG

2013-4 series B round from IDG, Redpoint

2014-5 series C round from SIG

Certified Mobile Firewall Product Vendor in China

IEEE ICSG member

Member of ANVA

Certified Android App Security Vendor in China

2012–2014 Business Growth 100%

Page 3: Bangcle en-game
Page 4: Bangcle en-game
Page 5: Bangcle en-game

Before releasing security evaluation and shielding

APP Distribution Management

Programming Security

Source Code Protection

Phishing App Monitoring

App Management: • Data collection • Environment monitor • Security Early Warning • Message Pushing

Penetration Report

Code Auditing Report

App Distribution Report

Competitor Report

Piracy Monitoring

App Monitor/Early warning

Assist to upload to download sites

Pirated/phishing App Removing

Data Security

Environment Security

Business Security

Storage Protection

Data Protection

Protocol Protection

Environment Monitoring

Page 6: Bangcle en-game

Source Code Audit (White-box)

App Penetration Service (Black-Box)

Page 7: Bangcle en-game

Symmetric Encryption

White-box cryptography + AES technology

USA federal government standard

IBM, Arxan, InterTrust etc

Page 8: Bangcle en-game

Hack Technology | Current Solution on Android Platform | Bangcle Defend Best Practices on Android

Reverse Engineering | Code obfuscation | Code Encryption; Anti Reverse Engineering; App Integrity Check; Anti tampering

Debugging | N/A | Anti-Debugging; Low level trap detection; Memory monitoring and detection; Self Protection; Reactivate when App is compromised

Illegal Data Copy | Encryption key can easily be found by disassembling the Apk | Transparent Strong Encryption; Combined with code encryption; Encryption key secured by white-box technology; Bind IMEI with encryption key; Prevent data file being copied out

Page 9: Bangcle en-game
Page 10: Bangcle en-game

Mobile App Game Developers

Mobile Banking App Developers

Black-Box

Cloud USA

5 – 10 Minutes

No code change needed

Upload App

Cloud Shielding (5-10 minutes)

Download App

Sign Apps -> Test -> Release

Page 11: Bangcle en-game

Competitors

V0.5 Code Obfuscation

VS. JAVA Class Loader

VS. JAVA VIM

VS. CPU VIM

SO Protection

Local Data Protection

Unity Script Protection

VS.

BANGCLE

Page 12: Bangcle en-game

Crawlers

Data Analysis

Data Storage

App Similarity Analysis Engine

Report Generator

APK

310 Download site

Information

App Distribution Monitor Report

Web

Page 13: Bangcle en-game
Page 14: Bangcle en-game
Page 15: Bangcle en-game
Page 16: Bangcle en-game

Question 1: What is AppShield's impact on App performance and compatibility?

Answer: Results from over 30,000 Apps and 150 different smartphones in China, USA, EU, Japan, Korea, HK, TW:

• Apk size increases 800k - 2000k, depending on the App and security level

• CPU usage increases 2% ~ 8%

• Memory usage increases 4% ~ 10%

• APP start up time increases 0.1s ~ 0.9s

• No compatibility issues for the majority of cellphone brands

• Supports ARM, x86

Page 17: Bangcle en-game

Question 2: How long will it take us to shield an App?

Answer: Within 15 minutes. However, normal processing time is less than 10 minutes, including the virus scan service.

Question 3: Can you secure Apk SO, log, audio and other resource files?

Answer: Yes. We can manually encrypt them.

Question 4: How can we try it?

Answer: Yes. You can try a non-commercial version of AppShield at www.secneo.com, or send your request to [email protected] for a banking grade security product and service.

Page 18: Bangcle en-game

①. Perfectly Modded Apps

In 2012, it was hard to find such a perfectly hacked App with all of the original App’s features. Today, you can find them everywhere.

②. Free Gold Coin Modded Games

It’s the game killer. The challenge of “Flappy Bird” attracted millions of players, but a game without challenge wouldn’t last long.

③. Standard Mobile Game Cheat Tools

There are 25 different cheat tools on the market, including Freedom, Game Guardian, HaXplorer, etc. Many of them combine memory modification and speed control features.

④. Game-Specific Mobile Game Cheat Tools

This is the game killing machine. It can be found anywhere, including YouTube, or sold on eBay, Taobao and other markets.

⑤. Mobile Game Grade Upgrading Service and Trading

It’s a very popular and big business in Japan, China, Korea and Taiwan. Cheaters use cheat tools to upgrade a player’s grade without paying a dime. Players pay by each game level.

⑥. Cracked Mobile Game Servers

If you’ve seen over 2000 “Cracked Minecraft Servers”, you wouldn’t be surprised to see fast-growing cracked mobile game servers in 2014. A typical example is “Heroes Fantasy”: www.hxyxsf.com/down.html

Page 19: Bangcle en-game

⑦. PC Virtual Machine Cheats

This is a popular way for skilled players to cheat using PC software.

⑧. Mobile Game Parts Market

Never heard of it? You may find the UI, pictures, sounds and documents that cost you millions of dollars to create sold on the market for 5 dollars. The mobile game junk yard business is a fast-growing market.

⑨. Mobile Source Code Market

What you don’t know is that, under the table, people are trading reverse-engineered game source code.

⑩. Mobile Game Re-packers

Mobile game re-packers are making more money than some original game developers. The cost for re-packers is almost nothing: hack, repack, then upload to 200+ download sites.

Page 20: Bangcle en-game

Name | Version | Type | Notes

Freedom | 1.0.6 | Hack Google Play iAP Tool |

DaX Atk | 2.0.5 | App Memory Modification Tool |

GameBooster | 2.0.4 | Game Speed Control Tool | Modify System Speed

GameCIH | 3.0.0 | App Memory Modification and Speed Control Tool | Modify Frequency Speed

Game Guardian | 6.0.5 | App Memory Modification |

HaXplorer | 3.3.1 | App Memory Modification |

GameCIH2 | 2.2.3 | App Memory Modification |

Page 21: Bangcle en-game

Name | Version | Type | Notes

八门神器 | 2.61 | App Memory Modification Tool |

烧饼修改器 | 3.1 | App Memory Modification and Speed Control Tool | Modify Frequency Speed

变形金刚修改器 | 2.6.3 | App Memory Modification Tool |

烧饼免 root 修改器 | 4.0 | App Memory Modification and Speed Control Tool | Modify Frequency Speed

安卓游戏加速器 | 1.2.8 | Speed Control Tool | Modify Frequency Speed

安卓游戏助手 | 1.3 | Speed Control Tool | Modify Frequency Speed

葫芦侠 | 2.6.5 | App Memory Modification and Speed Control Tool | Modify Frequency Speed

Page 22: Bangcle en-game

Name | Version | Type | Notes

游戏助手 | 2.1.1 | App Memory Modification Tool |

泡椒修改器 | 5.5.1 | App Memory Modification Tool |

手机游侠 | 1.8.9 | App Memory Modification and Speed Control Tool | Modify Frequency Speed

天天游戏加速器 | 2.2.0 | Speed Control Tool | Modify System Speed

游戏加速器 | 2.2.0 | Speed Control Tool | Modify System Speed

游戏加速精灵 | 1.0.5 | Speed Control Tool | Modify Frequency Speed

游戏加速器 | 1.3 | Speed Control Tool | Modify System Speed

Page 23: Bangcle en-game

You spend millions on App security but still get hacked

Your App has many users but few paying

You spend more money on security issues than on paying third-party professionals

Your developers spend more time on security than on writing code

Your QA spends over 15% of testing time on App security

You have to give up a million-dollar game design because of a game security control problem

When you choose game engines, security is the top concern

Your developers think they can defeat Hackers

Page 24: Bangcle en-game

www.secneo.com

THANK YOU

Sales Contact: [email protected] or [email protected]