Introducing support of Java in Quarks App Protect!
June 28, 2021

Are you seeking to protect your Android or Java application? We did it for you! 

At long last and by popular demand, we are happy to announce today that we have introduced Java as a supported language in Quarks App Protect, the application protection component of Quarks AppShield. This new feature allows mobile developers to protect their Android applications against reverse-engineering. By extension, all Java applications are also supported. With this first version of Java support, we also provide beta support for Kotlin.

Android applications and the reverse-engineering risk

Due to specific paradigm differences, Android and Java applications are more susceptible to decompilation and disassembling than native code applications. For developers and companies wishing to protect their intellectual property, obfuscation and dynamic protections are more than welcome to deter attackers from copying IP through reverse engineering. With Quarks App Protect, our goal is to bring a product offering an ideal security/performance ratio to the market. To achieve this goal, we provide more than 30 static and dynamic protections, applicable in a granular fashion, from function level to the block/module or even on a whole application.

However, we originally focused on C/C++ languages, and Java has some critical differences compared to these languages. So we had to proceed differently this time: our engineers found a way to apply obfuscations to Java applications while keeping what we previously created to obfuscate C/C++ applications.

This new method enables us to obfuscate Java applications with a strong set of obfuscations schemes coming from the native world.

Our recipe works as follows: first, we translate the Java bytecode of a compiled app to an LLVM Intermediate Representation. Once this step has been done, we apply obfuscation schemes to the LLVM-IR and then translate it back to Java bytecode, now obfuscated.

We gave more insight about this way of doing things in a previous blog post accessible at this address. This research project acted as a validation of the method, and our engineers took it further to make it an actual commercial feature in our product. This Java release is now available for all of our customers, with a limited amount of available obfuscations for now. Furthermore, while we have not fully tested this feature against all use cases, it is ready for testing. 

The road ahead

Java support will see some significant improvements over 2021: we will introduce in September a feature that will allow developers to protect both parts of an Android application, native and Java, bringing an additional protection layer and ease of use in the usage of our product. 

As this feature comes with a limited set of obfuscations, we will also add more static & dynamic protection schemes during the year, bringing ones developed from the C/C++ part of Quarks App Protect. 

If you wish to test this new feature, schedule a call with our sales team by filling out this form.