Proof, not promises
Security you can point to. Here's the validation evidence behind Appsolid — measured on real devices and real (anonymized) customer apps, not marketing copy.
Android 8.0 – 16
On real AWS Device Farm phones
Detect → exit → reaches dashboard
Payload entropy 8.0/8.0
Measured protection efficacy
Not marketing copy — values measured statically and dynamically on real protected builds. Based on two real (anonymized) customer apps.
Validation coverage (real customer apps, anonymized)
Runtime threats — 7 types, verified end-to-end on real devices
We actually injected each threat (e.g. Frida injection, strace attach, file tampering) and confirmed the app detects, exits, and the event reaches the dashboard.
On real customer apps (anonymized)
8,036 classes, 100 real devices — protected build, zero bricks
- 99.95% of classes hidden from static analysis (8,036 → 4 bootstrap-loader only)
- Device Farm 100/100 install · 100/100 native crash-free (Android 8.0–16)
- Coexists with the customer's own in-house protection; ships under their original signing key
- minSdk<26 file fallback verified on a real API25 device
20,385 classes, down to legacy armv7 real devices — full obfuscation stack
- 99.98% of classes hidden from static analysis (20,385 → 4)
- minSdk 21 + full code-obfuscation stack verified on 6/6 real API23 armv7 devices
- Passed offline/soak runtime robustness + full-RASP option robustness
Honest scope: these are point-in-time measurements on specific apps — we make no “blocks 100%” claim. Protected code is decrypted in memory at runtime; our threat model and limits are published in the docs.
Full methodology and limits: Security validation & assurance · Threat model