Application Protection for Android

Formerly Arxan

Code, key, and data protection plus threat detection for apps written in Java or Kotlin as well as C/C++ Android libraries. 

Protecting Android apps and understanding their threat posture are critical to managing risk in today’s zero-trust world.

Lock icon for Application Protection for Android, protect mobile apps, protect icon


Cybercriminals can exploit mobile apps by reverse engineering them to expose code and steal customer identities, intellectual property, or gain access to back office systems. Application Protection for Android protects mobile apps with code hardening technology, enabling runtime protection against reverse engineering and code tampering along with the ability to repair attacked code and disable app functionality when attacked. 

Application Protection for Android, protect mobile apps, detect icon


Equally important to code protection is threat detection and alerting. The ability to detect and alert on active reverse engineering or tampering attacks is essential to getting in front of Android app attacks - stopping them before they go viral. 


With integrated threat detection and alerting, Application Protection for Android closes the loop between protecting Android apps and understanding their real-time threat posture. 

Application Protection for Android, protect mobile apps, encrypt icon


Providing full protection for Android apps also requires that communication keys, API locations, and critical in app data be encrypted to protect against attacks. Key & Data Protection delivers added security by encrypting static and dynamic keys and sensitive application data with white-box cryptography that utilizes mathematical techniques and transformations to blend together app code and keys to secure cryptographic operations. 

Multi-layered approach to protecting android applications

  • Protection at the speed of DevOps - rapidly inject essential app code protections and threat detection sensors after code development, without disrupting your DevOps process.

  • Real-time alerting - notifies organizations: if apps are running on rooted devices, when reverse engineering attacks are in progress, or other suspicious behavior via App Aware.

  • Static protection - obfuscates source code, making it harder for attackers to understand and analyze for reverse engineering.

  • Active protection - in the event of reverse-engineering, tampering, or malware attacks, the app can be shut down, sandboxed, self-repaired, or behavior changed in response.

  • Randomized code obfuscation – inserting honeypots and deceptive code patterns to increase the difficulty of reverse engineering and tampering.

  • Continuous platform support – is committed to delivering platform support for the latest versions of Android operating systems within five days of release.

Video screenshot for Android Rapid App Protection
Play Video

Rapid Android app security

  • Essential, unmatched Android app protection integration within minutes 
  • Streamlined integration with DevSecOps and CI/CD environments 
  • Immediate discovery of an app’s risk posture from the moment it’s published Application Protection for Android tech specs


  • Java
  • Kotlin
  • C/C++ 


  • Android Studio 
  • Android NDK 

DevOps tool integrations

  • Jenkins
  • Puppet

Additional resources

Icon for Solution Brief
Brief App Aware Solution Brief App Aware is an integrated service that provides visibility into the security posture of protected applications.

Icon for Solution Brief

White-Box Cryptography

White-box cryptography uses encryption, obfuscation, and mathematical transformations to secure keys and critical data inside the applications running.

Icon for Webinar

The Vulnerability Epidemic in Financial Services Mobile Apps

New research by Aite Group on the state of financial services mobile app security.

Contact Us