Legal Tech App Safeguards Users and Atrocity Crime Evidence Using DexGuard

The Company

Founded in 2015, this Legal Tech non-profit organization offers a convenient and secure Android app to gather, validate, and safeguard digital evidence of war crimes, crimes against humanity, genocide, and other human rights violations. It was developed to ensure that human rights defenders, who often go to great risks to obtain crime evidence, are not doing so in vain by ensuring that the data collected can be used for accountability purposes.

The app allows users to document and capture visual and audio footage, complete with permanent metadata such as precise geographic location and timestamps. These encrypted digital records can then be sent to a secure remote server to be reviewed by legal professionals to be used in domestic and international judicial proceedings. In 2022, the organization saw a 300% increase in total photos, videos, and audio of potential crime footage captured and submitted using the app. The app is now widely used by activists in more than 20 countries.

“Our users often face challenges and danger in gathering potential criminal footage we needed our Android app to be as secure as possible to ensure the evidentiary value of the obtained footage, so the data can be leveraged in the legal proceedings.”

– Director, Human rights legal tech organization

The Challenge

Given the sensitive nature of the app’s purpose in collecting potential criminal evidence, the organization had to safeguard the app against unauthorized access to the app’s internal logic. Failing to do so could compromise the integrity of the collected footage. Because of the sensitivity of the data being collected using the app, the app users could be in danger if their device with an insufficiently protected app ended up in the wrong hands.

"We needed to ensure that our app which collects, stores, and processes atrocity crime evidence cannot be reverse-engineered and tampered with. This is both to ensure the integrity and validity of the footage as well as the safety of our users."

— Director, Human rights legal tech organization

The organization understood that without proper security controls, their app would be vulnerable to both static and dynamic attacks. Using a variety of techniques, threat actors would be able to understand how the app works, modify its behavior, and, most concerningly, access, modify, or even fake captured footage and its associated metadata. They needed to apply advanced protection mechanisms to ensure that their app could be trusted by the user, legal professionals, and the judicial system. The organization also knew that building an in-house solution was not a viable option as it would require too much valuable time and resources.

The Solution

After doing their due diligence and talking with the security agency they work with, they determined that DexGuard was the best solution to their problem. The organization chose Guardsquare mainly because of its reputation as the leading provider of mobile application code hardening solutions. This decision was also backed by the pentesters and cybersecurity experts they work with.

"Based on our research and the conversation we had with our partners, it was clear that Guardsquare would be able to solve the challenges we were facing. On top of their major presence in the highly regulated financial industry, their good reputation made them an obvious choice. "

— Director, Human rights legal tech organization

The organization was drawn to the number of code hardening and runtime protection features DexGuard offers by default: from name obfuscation, and control flow obfuscation, all the way to root and debugger detection. These features would be able to help them protect the sensitive parts of their code and prevent attackers from being able to understand, decompile, access sensitive data/footage, and modify the app's behavior.

The Results

Implementing DexGuard allowed the organization to save valuable time and resources in ensuring the security of their mobile application as compared to having to research the constantly evolving attack landscape and build an in-house solution. The organization was able to fully implement DexGuard into their Android application, pass the required penetration testing, and publish the protected version of the app in one week. The development team also reported no impact on the app performance, allowing them to improve their security posture while maintaining their user experience.

"In a week, we were able to implement, test, and deploy our now-protected Android app. We saw no slowdown or any detrimental impact on app performance. Both Crashlytics and customer feedback back this up. "

— Director, Human rights legal tech organization

The organization is fully confident that threat actors will not be able to compromise the app integrity, ensuring the security of the evidence captured, stored, and processed by the app. Most importantly, they now have the peace of mind that their users’ risky efforts in gathering invaluable footage will not go to waste.

Guardsquare offers the most complete approach to mobile application security on the market. Guardsquare's software integrates seamlessly across the development cycle: from app security testing to code hardening to real-time visibility into the threat landscape, Guardsquare solutions provide enhanced mobile application security from early in the development process through publication.

More than 900 customers worldwide across all major industries rely on Guardsquare to help them identify security risks and protect their mobile applications against reverse engineering and tampering.