Frequently Asked Questions
A categorized summary of the questions most often raised during the evaluation stage.
Adoption Basics
Can I use it without development knowledge? Yes. Uploading and selecting options takes just a few clicks. The only exception is the final signing step, which requires the app owner's signing key—so if an external development firm handles your builds, you only need to delegate that one step. For the full procedure, see Quick Start.
What input file formats are supported?
Simply upload the .apk or .aab file you use for store distribution. Both formats are supported.
Protection Effectiveness
Does applying protection make my app 100% secure? No. The inability to guarantee 100% security is a structural limitation shared by all client-side protection, and any product that claims such a guarantee should not be trusted. The goal of protection is to drive up the cost and time of an attack and to detect and respond to the few who persist to the end. We cover the detailed reasoning in What Is App Protection?.
What is the fundamental difference from other products? Conventional RASP blocks a threat with a conditional branch once it is detected, so neutralizing that branch makes a bypass possible. Appsolid binds the detection signal into the derivation of the decryption key, so in a hooked or debugged environment decryption fails and the original code is never loaded into memory. The mechanism is described in How It Works, and a product-by-product comparison is provided in Competitor Comparison.
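An added illustration of the contrast drawn in the answer above (not Appsolid's code): a loader guarded by a conditional branch next to one whose decryption key is derived from the detection signals. The signal names, the secret, the HMAC-SHA256 derivation and the toy stream cipher are assumptions made for this example.

```python
import hashlib
import hmac

# Constructed sample values; none come from the product.
SECRET = b"constructed-build-secret"
PAYLOAD = b"constructed stand-in for the protected DEX"
CLEAN = {"debugger": False, "hook": False}
HOOKED = {"debugger": False, "hook": True}

def derive_key(secret, signals):
    """Fold every detection signal into the key (HMAC-SHA256 as the KDF)."""
    material = "|".join(f"{k}={int(v)}" for k, v in sorted(signals.items()))
    return hmac.new(secret, material.encode(), hashlib.sha256).digest()

def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, data):
    """Toy SHA-256 counter-mode keystream; stands in for a real cipher."""
    stream = b""
    for counter in range(len(data) // 32 + 1):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, payload):
    """Encrypt-then-MAC: 32-byte tag followed by the ciphertext."""
    ct = _xor_stream(_subkey(key, b"enc"), payload)
    return hmac.new(_subkey(key, b"mac"), ct, hashlib.sha256).digest() + ct

def unseal(key, blob):
    """Return the plaintext, or None when the key does not match."""
    tag, ct = blob[:32], blob[32:]
    expected = hmac.new(_subkey(key, b"mac"), ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return _xor_stream(_subkey(key, b"enc"), ct)

def branch_guarded_load(blob, key, signals, branch_neutralized=False):
    """Conventional model: the key ignores detection, one branch decides."""
    if any(signals.values()) and not branch_neutralized:
        return None
    return unseal(key, blob)

def key_bound_load(blob, secret, signals):
    """Key-bound model: no branch; altered signals yield a different key."""
    return unseal(derive_key(secret, signals), blob)

if __name__ == "__main__":
    bound = seal(derive_key(SECRET, CLEAN), PAYLOAD)
    print(key_bound_load(bound, SECRET, CLEAN) == PAYLOAD)
    print(key_bound_load(bound, SECRET, HOOKED))
```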
Does applying protection affect app performance? Core protection performs a single decryption on first launch and is designed so there is no perceptible delay. The detection features are also lightweight. For details, see Performance & Compatibility.
Compatibility and Integration
Do you support iOS? Currently Android only. iOS support is planned for the future.
Do you support cross-platform apps such as React Native, Flutter, and Unity?
Core protection is DEX (Java/Kotlin bytecode) packing, so the protection coverage depends on whether the code compiles to DEX. Native Android components are fully protected, but React Native's JS bundle and Flutter's Dart code (libapp.so) are not DEX, so they are not subject to DEX packing. These frameworks are therefore partially protected. If protecting JS/Dart code is critical for you, please contact us before adoption; we recommend validating in advance with a sample protection run and physical-device testing. For details, see Performance & Compatibility.
Is it compatible with Play App Signing? Yes. Sign the output with your upload key and submit it to Play. (Distribution Compatibility)
Which Android versions and CPU architectures are supported? For CPU, the ARM family (arm64-v8a, armeabi-v7a) is supported. For Android versions, minSdk 26 and above uses in-memory-only loading, while below minSdk 26 uses a file + JAR fallback path—both are fully supported by protection. The differences by version are explained in Performance & Compatibility.
How much does the output size increase? Because an encrypted DEX and a native loader are added, the size increases; the magnitude depends on the original size and the options selected. You can verify this in advance with a sample protection run, and for AAB, Play's split distribution mitigates the impact on user downloads.
Does it integrate with CI and automation environments? Programmatic protection is available via the API-key-based v1 API, and you can receive Webhook notifications carrying an HMAC signature when a threat occurs.
Is there any chance a false positive could terminate a legitimate user's app? Every detection is designed to inspect only its own process, so no abnormal termination caused by a false positive occurs. When a judgment is ambiguous, the app runs normally. (Stability)
Signing and Distribution
Why is the output provided unsigned? A signing key corresponds to the app owner's identity and is a secret that must never be handed over externally, so signing is always performed by the owner directly. Appsolid already applies zipalign, so after downloading you only need to sign.
Can I protect an app that has already been released? Yes. Re-sign the protected build with the same key and distribute it as an update.
Data and Testing
Does monitoring collect personal information? No. Instead of personally identifiable information, it uses only an anonymous identifier plus an approximate country and app version, and all data is isolated per account. (Monitoring)
Does applying string encryption require separate functional testing? String encryption actually transforms the code, so we recommend a full functional check. Since most customer apps require a login, Appsolid cannot verify every feature on its own; if you provide test login credentials, we will run regression testing on your behalf across our 102 physical devices.
Troubleshooting
When protection processing does not complete. This may be temporary processing congestion, so try again shortly. If it fails repeatedly, verify that the uploaded file is a valid APK/AAB.
When a protected app does not launch. In most cases this is due to a missing signing step (Quick Start). If the problem persists, compare against a build with string encryption disabled to narrow down the cause.