(formely known as Epona)

Code, Data and Keys Protection Software

Source code and data are today’s crucial assets of an application. A layered security approach is the right way for preserving their integrity and confidentiality against attackers.

Reshaping the modern software security posture

 

In our modern environment, software is present in every aspect of our professional and personal life. As they are crucial in this aspect, applications also contain large amounts of personal, financial and medical data. The ever-growing rise of attacks has shown that building barriers around them is today no longer sufficient to safeguard applications. We must rethink the security approach for these endpoints and integrate protection measures from within, giving them the ability to defend themselves against attacks.

Quarks AppShield is built to this intent and provides a comprehensive set of in-app protection technologies for software running on mobile, desktop and embedded architectures. By layering several protection measures and counter-measures against a wide range of attacks, Quarks AppShield ensures that your applications, data, code and keys are safe.

Three components to protect code, data, and cryptographic keys

Quarks App Protect

Code & Data Protection

Deter attackers trying to reverse-engineer your application by applying several layers of software protection technologies.

Advanced obfuscation: with more than 30 possibilities of scrambling software blocks, functions and modules, the right security combination that works for your application while maximizing performances is at your reach.

Device Trust Assessment: by simply adding a few lines to your source code, your application will be able to defend itself against different types of static and dynamic analysis attempts.

Quarks Keys Protect

Cryptographic Key Protection

Concealing secret keys and unique identifiers from prying eyes is crucial, especially for applications running on untrusted environments.

Our white-box cryptography component hides cryptographic keys and operations in the application’s source code, preventing its recovery by attackers.

Quarks Digital Vault

Data Encryption and Secure Storage

Preventing data leaks and theft of sensitive data, such as Personal Identifiable Information (PII) can be done through encryption.
By combining hardware and software cryptography in a simple library, Quarks Digital Vault enables developers to encrypt sensitive application data easily.

Key Features

Quarks App Protect Quarks Keys Protect Quarks Digital Vault
Protection mode Static and dynamic Static and dynamic Persistent (on disk) keys & data
Protection layers

Code & Data obfuscation with more than 30 different passes available

Environmental protections: anti-root, anti-jailbreak, anti-debug, anti-hooking, anti-dynamic analysis

Integrity checks / anti-tampering

Multi-level configuration: block, function, module

Automatic test & reporting on the applied protections

Symmetric encryption: AES128 with ECB/CBC/CTR modes

Asymmetric encryption: ElGamal on the NIST P-256 curve

Hash functions: SHA-1/SHA-256

Symmetric Authentication: AES-CMAC

Signature: ECDSA-SHA-256 on the NIST P-256 curve

Diversification per client or per device

Full control on the (re)generation of your whitebox

Device binded key/value database

Encryption and authentication of data

Only decrypt what you use

Rely on hardware security components if available (e.g. Android KeyStore)

Small code and memory footprint

Languages C/C++ API
Security policy External YAML configuration or Pragma in the code API
Operating systems Linux, Windows, OS X, Android, iOS Linux, Android
Architecture x86, x86_64, ARM, ARM64
IDE integrations Apple XCode, Microsoft Visual Studio, & Google Android NDK
Sec/Dev/Ops (CI Integrations) Gitlab, Jenkins

Quarks AppShield in the Real World

Viaccess-Orca was looking for an organisation able to offer a high level of proximity and responsiveness to threats and this is what we have found with Quarkslab.

Our teams are now working closely together to obfuscate source code, protect encryption keys for our secure player as well as maintain the best ratio between performance and security.
 

Cédric Hardouin

Executive VP R&D, Viaccess-Orca

Ready to protect your most sensitive assets?

Reach out to our sales team for a product demonstration.

Related Resources

Securing Mobile Payment Applications

Securing Mobile Payment Applications

Payment systems are at the heart of the global economy. Over the past few decades, electronic payments have grown at a fast pace, supplanting traditional payment systems such as cheques and cash to become the current standard.  These systems have evolved over the...

read more
Cases studies – Viaccess Orca

Cases studies – Viaccess Orca

The streaming video market is estimated to reach 110 billion euros by 2024, with an average annual growth of almost 20%. Boosted by mobile devices, ever more powerful 4G and soon 5G connections, online video consumption is here to stay. Viaccess-Orca (VO) is one of...

read more
Infographic – Mobile Payment

Infographic – Mobile Payment

Discover in the infographics below how mobile payment works and what are the risks and threats  with the development of payments from mobile platforms. See the infographics: https://bit.ly/3oIhyAO

read more