Protection Options
This page explains what each option blocks, when to turn it on or off, and how it works under the hood. Defaults are summarized in the At a Glance table below.
Core Protection (Always Applied)#
The three protections below are applied automatically to every app and cannot be turned off.
| Protection | In plain terms | In detail |
|---|---|---|
| Code packing & encryption | Locks your core code away in a safe | The original DEX is encrypted with AES-256-GCM and loaded only in memory at runtime via InMemoryDexClassLoader (no plaintext DEX on disk) |
| Key entanglement (anti-debug) | Obstructs analysis | At startup, debugger and instrumentation detection signals are fused into the decryption key (key entanglement) |
| Native obfuscation | Scrambles even the machine code | O-MVLL/O-LLVM control-flow flattening, opaque predicates, indirect-call encryption, and MBA |
For the detailed mechanisms: How It Works · What Sets Us Apart.
Optional Toggles#
You select these with checkboxes at upload time. For defaults, see At a Glance.
Server Monitoring#
Sends the threats and usage activity that occur in your app to a dashboard. See at a glance who is using your app and whether there have been any attack attempts.
- When to turn it on — Almost always. It's your window into whether protection is actually working.
- In detail — Telemetry is authenticated with a per-app HMAC-derived key and sent non-blocking and fail-safe (an outage on our servers does not affect your app's behavior). Details: Monitoring.
Root Detection#
Detects when your app runs on a rooted phone (a phone with its safety locks removed). A rooted phone is a precondition for hooking, cloning, and memory dumping.
- When to turn it off — Apps with many users who legitimately use rooted environments (developer tools, etc.).
- In detail — Multiple signals such as
su, mounts, build properties, and Magisk/KSU traces. Hardened even for environments where SELinux blocks simple file checks.
Emulator Detection#
Detects when your app runs on a fake phone inside a PC rather than a real device. Attackers use emulators to analyze apps at scale and repeatedly.
- When to turn it off — When you need official emulator support (some games and testing).
Hooking / Frida Detection#
Detects attempts by hooking frameworks such as Frida, Xposed, and LSPosed to swap out your app's behavior in real time. This is a core technique for bypassing payments and authentication.
- When to turn it on — Recommended if you have sensitive logic such as payments, authentication, or games.
- In detail — In-process hooking injection (Xposed, Riru, Zygisk, Substrate) plus inline hooking (trampoline) detection. Detection signals are tied into key entanglement.
String Encryption#
Hides the strings inside your app (server addresses, keys, messages) behind encryption. Even if the code is extracted, they won't appear in plaintext — a last line of defense for when another layer has been breached.
- When to turn it on — Recommended in most cases (safe and highly effective).
- Full functional testing recommended after enabling — Because it actually transforms code, there can rarely be side effects. Send us your test login credentials and we'll run the regression tests for you on our 102 physical devices. (Background)
ADB · Debugger Detection#
Detects debugging connections that attach to a PC over USB for analysis, as well as timing-based debuggers.
- When to turn it on — When you need a stronger layer of protection. Use with care, as it can affect some legitimate environments (development, QA).
Tamper · Integrity Verification#
Checks on its own whether the distributed app file has been secretly altered (repackaging and forgery detection).
- Constraint — APK only. Automatically disabled when you upload an AAB.
- In detail — Verifies the SHA of our assets plus all additions/removals. Runs deferred so that verification happens after the output has been signed.
At a Glance#
| Option | What it blocks | Default |
|---|---|---|
| Server monitoring | (monitoring & logging) | On |
| Root detection | Rooted phones | On |
| Emulator detection | Fake phones inside a PC | On |
| Hooking / Frida detection | Real-time tampering tools | On |
| String encryption | String exposure | On |
| ADB · debugger detection | USB debugging | Off |
| Tamper · integrity verification | File forgery (APK only) | Off |
Stability first — Every detection is designed to inspect only its own process, so a false positive will not crash your app on a legitimate device. Every code-transforming option passes d8 verification + fallback and the ART verifier release gate. (Security Assurance)
Next#
- How It Works · What Sets Us Apart — the internal mechanism of each protection
- Monitoring — view the detection results for the options you've enabled