App Management

Available in Classic and VPC

App Management describes how to register an app to protect or create SDKs, or control the status of apps.

App Management interface

From the NAVER Cloud Platform console, click i_menu > Services > Security > App Safer > App Management in order to check the App Management interface.
The App Management interface includes the following components:

appsafer-app_screen_ko

Component	Description
① Menu name	Current menu name.
② Basic features	Features displayed when entering the App Management menu for the first time. [Register apps]: Click to Register apps. [Learn more]: Go to the App Safer overview page. [Refresh]: Reload the current page.
③ Post-creation features	Features provided after creating an app or SDK. [Delete]: Delete the selected apps. [Stop]: Stop the selected apps from running. [Start]: Start the stopped apps.
④ App list	Created app list. You can check app information and change settings.

Register apps

Register the app to protect on the NAVER Cloud Platform console.
You can simply apply how to register according to the mobile operating system or development environment or create SDKs.

Simple application: If your Android app is prepared in AAB or APK file format, select this option to quickly apply App Safer.
SDK integrations: Select this option when you want to apply App Safer by connecting SDKs to an Android or iOS app.

Simple application

To apply App Safer by simple application, follow these steps:

From the NAVER Cloud Platform console, navigate to > Services > Security > App Safer.
Click [Register apps].
Proceed with the next steps in order on the Register apps interface.

1. Enter application information

Enter the app data and registration information to protect.
- Version: Select the version of App Safer you want to apply. For changes per version, see App Safer release notes.
- OS: Select Android as the mobile operating system for the app.
- Application method: Select Simple application.
- File upload: Click or drag the AAB or APK file to the Drag the file with the mouse or click here component.
  - The maximum size of files that can be uploaded is 4 GB.
  - You cannot re-register an app that has App Safer applied.
- Notification settings: Click [Set notification recipient] to assign a recipient to receive progress notifications via email or SMS.
  - To register a notification recipient, select the person in charge, the notification method, and click [Add].
  - To delete the registered notification recipient, click [Delete] on the relevant item.
  - When you need to add a new recipient, click [Manage notification recipient], and register the recipient information in the Notification Recipient menu of the Cloud Insight (VPC) or the Monitoring (Classic).
- Memo: Enter a memo of less than 255 characters, if needed.
Enter all the required information and click [Next].

2. Blocked device collection settings

For collecting and managing information of mobile devices detected in the blocking policy, select whether to integrate with Effective Log Search & Analytics.

The basic collection and statistics functions are provided regardless of the connection status.
If you want to use additional statistical data through Kibana, agree to the use of Effective Log Search & Analytics (ELSA). Once you agree, an ELSA project where you can view App Safer logs is automatically created.
Click the to move to the portal's Effective Log Search & Analytics introduction page.
Additional App Safer operation information is transferred when integrated with ELSA.
- Information logged in ELSA
  1. Initialization log (app version, package name, type of App Safer logging event, App Safer key, App Safer version, etc.)
  2. Detection log (app version, package name, type of App Safer logging event, App Safer key, App Safer version, detected policy name, Malware detection information, etc.)
    - Malware detection information provides the following data.
      - malware name: Diagnostic name of the detected malicious application.
      - source_name: Package name of the detected application.
      - dex_hashes: Hash values of the detected files.
      - grade: Grade of the detected malicious application (information provided to establish exception criteria for App Safer customers).
        
        HIGH: Malicious apps that can damage devices and services through activities like packet/memory manipulation or direct leakage of users' personal information.
        
        MEDIUM: Apps containing features that could potentially be used for malicious purposes, such as acting as droppers to download additional malicious files or containing permissions or functions that may be exploited for malicious activities.
        
        LOW: Apps with negligible direct malicious activities, such as those used for advertising or antivirus testing (e.g., EICAR), and those labeled with diagnostic names like Adware, Test, or Potentially.

Note

When you use the Effective Log Search & Analytics, an additional fee will be charged.

After completing the settings, click [Next].

3. Blocking policy settings

Set the blocking policy to meet the app characteristics.

Blocking policy: Set the blocking conditions based on the detection types provided by App Safer.

To reuse the blocking policy applied to another app, click [Import].

Blocking policy	Description
Rooting	The app detects and blocks the rooting (an act of a user to forcefully acquire the super user permissions for the operating system) of the device being run.
Emulator	When the app is run on a virtual machine such as an emulator and simulator, it is blocked.
Debugging	When the app is being executed, debugging (the act of accessing the app process to perform dynamic analysis) by a third party is detected and blocked.
Speedhack	When a system time manipulation act occurs by a third party when the app is being executed, it is blocked.
Memory Tampered	When the app is being executed, the memory tampering or code tampering act by a third party is detected and blocked.
App Integrity Tampered	The app tampering by a third party is detected and blocked.
Unauthorized Signature	An unauthorized app signature is detected and blocked.
Malware threat	Malicious code threats are detected and blocked (blocking policies can be configured based on LOW, MEDIUM, or HIGH detection levels).

Detection message: Set the message to be displayed when the app execution is blocked by policy.
- The message entered into DEFAULT is displayed on all mobile devices using the app.
- To set the message for each language, select the language code of the message in Language, prepare the message content in Message, and click [Add] to register it.
Emulator Compatibility: Set the compatibility support to address issues that occur when apps are run on some emulators.

After completing the settings, click [Next].

4. Final confirmation

After checking the set details, click [Register].

Note

It may take several minutes to register the app. When the registration is complete and the operation has started, In operation (app fingerprints collection) is displayed on the status column of the app list.

SDK integrations

To apply App Safer by SDK integration, follow these steps:

From the NAVER Cloud Platform console, navigate to > Services > Security > App Safer.
Click [Register apps].
Proceed with the next steps in order on the Register apps interface.

1. Enter application information

Enter the app registration information to protect. The items to be entered are as follows:

Version: Select the version of App Safer you want to apply. For changes per version, see App Safer release notes.
OS: Select the app mobile operating system.
Application method: Select SDK integrations.
Package name: Enter the package name for the Android app and the bundle ID for the iOS app.
- Must be between 3-99 characters, including English letters, numbers, and hyphens, and must start with an English letter.
App version: Enter the app version.
- It must be between 3-30 characters.
Memo: Enter a memo of less than 255 characters, if needed.

Note

You cannot change the package name afterwards, so enter the same package name of the actually deployed app.

Enter all the required information and click [Next].

2. Blocked device collection settings

For collecting and managing information of mobile devices detected in the blocking policy, select whether to integrate with Effective Log Search & Analytics.

The basic collection and statistics functions are provided regardless of the connection status.
If you want to use additional statistical data through Kibana, agree to the use of Effective Log Search & Analytics (ELSA). Once you agree, an ELSA project where you can view App Safer logs is automatically created.
Click the to move to the portal's Effective Log Search & Analytics introduction page.

Note

When you use the Effective Log Search & Analytics, an additional fee will be charged.

After completing the settings, click [Next].

3. Blocking policy settings

Set the blocking policy to meet the app characteristics.

Blocking policy: Set the blocking conditions based on the detection types provided by App Safer.
- To reuse the blocking policy applied to another app, click [Import].
- Android app's blocking policy
Blocking policy Description

Rooting

Emulator

Debugging

Speedhack

Memory Tampered

App Integrity Tampered

Unauthorized Signature

Malware threat
- iOS app's blocking policy
Blocking policy Description

Jailbreak

Simulator

Debugging

App Integrity Tampered

Unauthorized Signature
Detection message: Set the message to be displayed when the app execution is blocked by policy.
- The message entered into DEFAULT is displayed on all mobile devices using the app.
- To set the message for each language, select the language code of the message in Language, prepare the message content in Message, and click [Add] to register it.

Blocking policy	Description
	Rooting
	Emulator
	Debugging
	Speedhack
	Memory Tampered
	App Integrity Tampered
	Unauthorized Signature
	Malware threat

Blocking policy	Description
	Jailbreak
	Simulator
	Debugging
	App Integrity Tampered
	Unauthorized Signature

After completing the settings, click [Next].

4. Final confirmation

After checking the set details, click [Register].

Note

View app list

To view the created app list, follow these steps:

Note

You can see the list if you have 1 or more apps created. If you don't have any app that has been created, then the list is not displayed in the App Management interface.

From the NAVER Cloud Platform console, navigate to > Services > Security > App Safer.
When the App list appears, check the summary or click an app to check the detailed information.
- Package name: App package name.
- OS: The app mobile operating system.
- App version: The applied App Safer version.
- Memo: The memo entered when the app was registered.
- Registration date: The date and time the app was registered.
- Status: The current app status.
  - In operation: The status in which the app can operate normally.
  - In operation (app fingerprints collection): The status in which App Safer allows app fingerprints collection and is operating. Even with the app fingerprint detection policy, the fingerprint is automatically registered.
  - Stopped: The status in which the app has been stopped by the user. You can restart it.
  - Registering: The status in which App Safer is being applied.
  - Registration failed: The status in which the App Safer application failed.
- Download: Click [APP] or [SDK] and download the app or SDK.
- App Safer key: The authentication key that can be used for initialization and connection services for App Safer SDKs.
- Registration settings: Click [View details] to display the app information and ELSA integration. You can download the script for requesting for the open API and dump files.
- App fingerprint registered: Set whether to collect app fingerprints.
  - When it is set to Collect, the app status is changed to In operation (app fingerprints collection). Even if the app fingerprint detection policy is set, app is not blocked, and the name of the app fingerprint and the fingerprint value are collected and displayed.
    - The name of app fingerprint is collected according to the criteria for each operating system, and the app fingerprint value is automatically registered as the unique value according to the app execution.
    - After the App Safer is applied and the test is completed, you need to change the app fingerprint collection status to Not collecting.
  - When it is set to Not collecting, the app status is changed to In operation. If the app fingerprint detection policy is set, the app is blocked when the conditions are met.
- Blocking policy: Set the blocking policy details. You can click [Set] and edit the policy and message.
- Detection message: Set the detection message details.

Downloading apps/SDKs

To download the app or SDKs with App Safer applied, follow these steps:

From the NAVER Cloud Platform console, navigate to > Services > Security > App Safer.
Click [APP] or [SDK] on the download column of the item to downloaded it to the app list.
When the popup window appears, click [Download app] or [Download SDK].
- The AAB/APK-type app or the AAR-type SDK is downloaded to the local PC.
- When downloading the SDK, copy the App Safer Key appearing together on the popup window. It is needed when integrating SDKs.
- If you have downloaded the app, sign in the app before running it on the mobile device.

App signature

The AAB/APK files with App Safer applied by the simple application method can be run on a mobile device only when they are signed with a developer signature.
Sign it by using apksigner or jarsigner.

apksigner

apksigner sign --ks <keystore_file_path> --ks-key-alias <keystore_alias> --out <output_apk_path> <input_apk_path>

apksigner sign --ks /Users/AppSafer/Keystore/appsafer.keystore --ks-key-alias appsafer --out com.navercloud.appsafer_signed.apk com.navercloud.appsafer.apk

jarsigner

After signing, you need to align the files using zipalign.

jarsigner -verbose -keystore <keystore_apk_path> <input_apk_path> <keystore_alias>
zipalign -p 4 <input_apk_path> <output_apk_path>

jarsigner -verbose -keystore /Users/AppSafer/Keystore/appsafer.keystore com.navercloud.appsafer.apk appsafer
zipalign -p 4 com.navercloud.appsafer.apk com.navercloud.appsafer_aligned.apk

App Safer applied app test quickstart

After signing, you can install and execute an app with App Safer on a mobile device.

Note

If the app does not execute properly, check the settings below.

View app status
The app should be operational (app fingerprint collected) to start without restrictions. If the app is stopped, it cannot be executed.
Verify registered app fingerprint data.
If the mobile device is in an environment where it can communicate with the App Safer Server, app fingerprints are collected upon execution of the application of App Safer app and are viewable on the NCP console. If the mobile device is in an environment with limited connectivity (such as a closed network), fingerprints are not collected.
In an offline environment without communication with the App Safer Server, the App Safer offline blocking policy is enabled. The App Safer offline blocking policy is an App Safer specification that enables all blocking features; if a threat is detected, a "terminated by offline policy" Toast message displays, and the device is blocked.
Check whether the registered app is collecting fingerprints.
Upon executing the application of App Safer, app fingerprints are automatically collected and displayed in the registered app fingerprint component on the NCP console. To restrict the applied App Safer app to only allow fingerprints displayed in the registered app fingerprint component, change the collection status to "Uncollected." (Enable the Unauthorized Signature policy to detect uncollected users.) The "Collected" status allows any app fingerprint to execute.

Additionally, you can detect the mobile device environment based on the configured blocking policy on the NCP console. To prevent the use of the app on detected devices, see App Management > 3. Blocking policy settings guide for detailed instructions on configuring Toast blocking policies.
You can also change the Toast message displayed upon blocking during the app registration step.

Stop the app and restart it.

To stop an app in operation or restart a stopped app, follow these steps:

From the NAVER Cloud Platform console, navigate to > Services > Security > App Safer.
Select the app to stop or restart from the app list, and click [Stop] or [Start].
When the popup window appears, click [Stop] or [Start].
- The app status is changed right away.

Edit blocking policy

To edit the registered blocking policy or the detection message, follow these steps:

From the NAVER Cloud Platform console, navigate to > Services > Security > App Safer.
Click the app to edit the blocking policy or message on the app list, and click [Set] in the expanded details of Blocking policy.
In the blocking policy settings popup window, edit the blocking policy or the detection message.
- You can set or release the settings for individual blocking policy.
- To reflect the policy applied to another app in the same way, click [Import] and select the policy to import.
- For the detection message, you can delete the message registered or add another message excluding the DEFAULT value.
When editing is complete, click [OK].

Delete the app

To delete the registered app, follow these steps:

Note

You can only delete a stopped app. To delete an app in operation, first stop the app.
You cannot recover the app after deleting it, and the app won't be run on any and all devices with the deleted app installed.

From the NAVER Cloud Platform console, navigate to > Services > Security > App Safer.
Select the app to delete from the app list, and then click [Delete].
From the delete popup window, click [Delete].
- The app is deleted and disappears from the app list.

Note

If a problem occurs during the task, contact us through Customer Support.