Application Security Access Guide
This article describes how to add the app security feature introduced by TapTap to your game.
Description of APK hardening function
Functional features
| Function Name | Descriptions |
|---|---|
| SO Encryption Protection | Encrypt and obfuscate the code, functions and export tables of the SO files to prevent HOOK attacks and effectively improve the difficulty of unpacking. |
| global-metadata Encrypted | For IL2CPP games, the global-metadata is hardened to raise the cracking threshold. |
| AAB Reinforcement | Support for Android app bundle hardening solutions. |
| Reinforcement programme self-protection | The source code of the reinforcement scheme is obfuscated, which greatly raises the threshold for reverse analysis of the reinforcement scheme by plug-in authors and further increases the difficulty of cracking the game. |
| ROOT Environmental Testing | Reduce the potential for fraud in high-risk environments. |
| Debugging Against | Detection of debugging tools such as IDA, FRIDA, etc., effectively raising the threshold for dynamic analysis. |
| Simulator Recognition | Based on a sample library, it accurately identifies simulator users and provides an accurate basis for game segregation matching. |
| Cloud Mobile Phone Recognition | Multi-dimensional determination of the cloud phone environment based on real phone data and multiple cloud phone samples from the extranet. |
| Anti Secondary Packaging | To keep the signature consistent before and after reinforcement, you can enable signature verification to prevent secondary packaging. |
| Malware Countermeasure | Anti-frame plug-ins, memory modifiers, multi-openers and other software. |
Operating Instructions
Function Entrance
Games that have not joined the Fire Plan and have exclusive published on TapTap can be entered directly through the Application Security portal, or contact the relevant business or operation departments to apply for it if there is no such portal.
For games joined the Fire Plan, you can select the APK enhancement rights directly from the Fire Plan page and click Use Now (as shown below).
Rules
- The number of successful reinforcement attempts for each game in a single natural month is not allowed to exceed 5 times. Developers should not abuse the service.
- For users with multi-channel requirements, please ensure that the project is in normal operation if reinforcement is required before secondary packaging.
- The size of the augmentation file should not exceed 2G;
- Reinforcement does not support automatic signing and you must re-sign after reinforcement;
- You can only reinforce a maximum of 2 files each time.
Description of the anti-cheating function
The anti-cheating detection function mainly means that after the game is reinforced, the platform will monitor and capture data on illegal operations and environment when the app is running for display. By displaying cheating devices and related details, developers can gain a deep understanding of the current security situation and accurately grasp the security situation.
Page Field Descriptions
- UUID: running device tag
- UserID: reported on the game page
- Feature number: hexadecimal display value
| Feature Code | ID | Detection Type | Detailed Information |
|---|---|---|---|
| 1000000000000000+id | 0 | root class | root system, test signature pattern |
| 1 | root | root、magisk、TESTSIGNING | |
| 2000000000000000+id | 0 | Debugging Classes | Debugger |
| 1 | android debug | ida、frida、java Information | |
| 3 | android ADB | adb enabled | |
| 3000000000000000+id | 0 | hook class | hook |
| 1 | android hooked, iOS inline hook | api flag | |
| 2 | android hook frame, iOS fh hook | hook frame | |
| 3 | android java hooked | java hook flag | |
| 5 | android hook framework (multi-opener)) | ||
| 4000000000000000+id | 0 | Memory Classes | Runtime memory modified externally |
| 1 | Determining when a memory device is open | ||
| 5000000000000000+id | 0 | Resource Modification Class | Resource, Signature Modified |
| 1 | android signature, iOS exception signature team | apk or so signature information | |
| 6000000000000000+id | 0 | Emulator Classes | Running with an emulator |
| any | Emulator | Type | |
| 7000000000000000+id | 0 | Cloud Phone Class | Running with a Cloud Phone |
| any | Cloud Phone | Type | |
| 8000000000000000+id | 0 | Generic Plug-ins, Peripherals Classes | |
| any | Generic Plug-ins, Peripherals type value | Peripheral | |
| B000000000000000+id | 0 | Sandbox Classes | |
| any | Sandbox Detection Type | Type |
- Detection type
| index | type | description |
|---|---|---|
| 1 | Root Class | android and ios: running environment is root environment, windows: test signature environment |
| 2 | Debugging Class | Running processes are debugged |
| 3 | Hook Class | hooked |
| 4 | Memory Modifier Class | Running content has been modified |
| 5 | Resource Modification Class | Resource signatures have been modified |
| 6 | Simulator Class | Simulator running |
| 7 | Cloud Provider Class | Cloud real machine operation |
| 8 | General Plug-ins | Known types of cheating software detection |
| 9 | Special Plug-ins | Peripheral Input Capture Calculation |
| 10 | Injection Class | Cheat frames or other injections |
| 11 | Sandbox Class | Sandbox environment operation |
- Detection results
- Implement processing strategies according to detection types.
2、Detect to stop or do not perform additional operations.
- Detailed information
1、Detection type details
Function usage rules
Diagram operation
- Provide filter function based on report ID, user ID, detection type, detection result and time.
- Provide report download function to support downloading the detected data to the local area.
Anti-cheat strategy configuration
- Anti-cheating strategy configuration is provided, and developers can configure their own anti-cheating strategies.
- Configuration is enabled by default and supports configuration. Developers can disable it if they wish. After it is disabled, the corresponding configured strategy will not take effect.
