Android Application Security Hardening and Anti‑Cheat Practices for the 58 Daojia Work Client

The 58 Daojia work client is a B2B tool for household service personnel; as cheating behaviors emerged, order fairness and system security were threatened, prompting a comprehensive security hardening effort.

Basic protection strategies include code obfuscation (using ProGuard in build.gradle ), resource obfuscation, and signature protection. Enabling minifyEnabled true and specifying ProGuard rules replace class, method, and field names with meaningless strings, making reverse‑engineered code hard to understand and reducing APK size.

// 主工程 build.gradle
android {
    buildTypes {
        release {
            // 配置release包的签名
            signingConfig signingConfigs.key
            // 混淆是否开启 [true 开启 、 false 不开启]
            minifyEnabled true
            // 配置混淆规则文件
            proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
        }
    }
}

Signature protection ensures that only the original signed APK can run. By verifying the app’s certificate hash in native C/C++ code (via JNI), attackers cannot simply re‑sign a modified APK without breaking upgrade compatibility.

Emulator detection checks for known emulator files, system properties, and virtual device characteristics to block virtual‑location cheating.

Root detection scans for su binaries, uses which su , reads build.prop tags, and checks for Magisk or Superuser APKs. Example Kotlin code:

object CheatDetection {
    private val superUserDictionaryPath = arrayOf(
        "/system/bin/su", "/system/xbin/su", "/system/sbin/su", "/sbin/su",
        "/vendor/bin/su", "/su/bin/su", "/data/local/xbin/su", "/data/local/bin/su",
        "/system/sd/xbin/su", "/system/bin/failsafe/su", "/data/local/su"
    )

    fun suAvailable(): Boolean {
        try {
            for (path in superUserDictionaryPath) {
                val file = File(path)
                if (file.exists() || file.canExecute()) {
                    Log.e("Root检测", "命中path: ${file.absolutePath}")
                    return true
                }
            }
        } catch (e: Exception) {
            e.printStackTrace()
        }
        return false
    }
}

val process = Runtime.getRuntime().exec(arrayOf("/system/xbin/which", "su"))

Anti‑hook detection looks for Xposed, Frida, and other hooking frameworks by inspecting loaded modules and known class names.

Advanced protection – Dex shell wraps the original APK in a protective shell that decrypts Dex files at runtime, loads them via a custom class loader, and replaces original Application entry points.

class ShellApplication : Application() {
    override fun attachBaseContext(base: Context) {
        super.attachBaseContext(base)
        // 1. 解压加固后apk.
        val unzipApk = unzipApk()
        // 2. 对dex文件进行解密操作
        unzipApk.forEach {
            if (it.name.endsWith(".dex")) {
                val originalBytes = decrypt(it.toBytes())
                FileOutputStream(it).apply {
                    write(originalBytes)
                    flush()
                    close()
                }
            }
        }
        // 3. 加载解密后的dex
        val dexFiles = unzipApk.findDex()
        DispatchByVersion.install(classLoader, dexFiles)
    }
}

DEX‑VMP (Virtual Machine Protection) transforms selected methods into custom bytecode executed by a handcrafted interpreter, preventing static analysis and dumping. Example opcode definition and interpreter skeleton:

enum OPCODES {
    MOV = 0xa0,
    XOR = 0xa1,
    CMP = 0xa2,
    RET = 0xa3,
    // ...
};

typedef struct processor_t {
    int r0; // virtual registers r0‑r15
    int r1;
    // ...
    int FP;
    int IP;
    char* SP;
    int LR;
    unsigned char* PC; // program counter
    int cpsr; // flags
    vm_opcode op_table[OPCODE_NUM];
} vm_processor;

void vm_CPU(vm_processor *proc, unsigned char* Vcode) {
    proc->PC = Vcode;
    while (*proc->PC != RET) {
        int flag = 0;
        int i = 0;
        while (!flag && i < OPCODE_NUM) {
            if (*proc->PC == proc->op_table[i].opcode) {
                flag = 1;
                proc->op_table[i].func((void*)proc);
            }
            i++;
        }
    }
}

The article concludes that after applying multiple generations of protection—static code/resource obfuscation, signature checks, emulator/root detection, and advanced Dex‑shell/DEX‑VMP—the 58 Daojia work client achieves a practical level of anti‑cheat security, and future work will explore building an in‑house hardening tool.