About MAD

In the Android ecosystem, the openness of the operating system and the ease of installing apps outside the official store (sideloading) create a vast attack surface. MAD provides a defense-in-depth architecture for native (Java/Kotlin) and cross-platform (React Native, Flutter, Cordova) apps, focusing on the app's resilience in hostile environments.

The solution combines three main defensive strategies:

• Proactive (Preventive) Protections: Mechanisms such as code obfuscation and string encryption that hinder static analysis and reverse engineering even before the app runs.
• Runtime Defense (RASP): Active sensors that monitor the environment and process state in real time, detecting attempts at tampering, hooking and debugging, among others.
• Intelligent Reaction: Ability to respond to threats by terminating the app before data is exfiltrated or fraud is completed.

Main Attacker Objectives Mitigated by MAD:

• Unauthorized access: Use of stolen credentials or bypass of biometric authentication via hooking.
• Code Injection and Malware: Modifying the app's behavior to divert funds, steal data or turn the device into part of a botnet.
• Reverse Engineering: Decompilation of the APK to understand proprietary business logic, extract API keys or find exploitable vulnerabilities.
• Expansion of the attack surface: Use of emulators and "device farms" to scale automated fraud.

Technical Differentiators:

• Polymorphic (Variable) Protection: With each build, a "seed" value changes how the code is obfuscated and how security checks are structured. This means that version 1.0 and version 1.1 of your app are internally different, invalidating attack scripts and cracks developed for previous versions.
• High Customization: Protection can be adjusted via XML to balance security and performance, allowing specific checks that might conflict with third-party libraries or business requirements to be disabled.
