Basic Configuration
DoveRunner Mobile App Security CLI tool is jar file which can upload your APK/AAB and download it with DoveRunner Mobile App Security module installed. You can use all configuration via command line which was visible in web console.
CLI tool Options
Section titled “CLI tool Options”This is the list of the available options when using sealing.jar file.
| Option | Description | Available Values | Required | Default Value |
|---|---|---|---|---|
| ‑url | DoveRunner Mobile App Security API URL (DO NOT CHANGE this) | https://api.appsealing.com/covault/gw | Required | |
| ‑authkey | Your account`s auth key. You can find this key at the CLI tool download page. | Provided separately | Required | |
| ‑srcapk | Source APK or App Bundle file which you need protect | file path of created APK or AAB | Required | |
| ‑sealedapk | Destination path including sealed file`s name which you need to download | file path of sealed APK or AAB | Required | |
| ‑app_type | Your app’s type for optimized sealing | GAME, NON_GAME | Optional | GAME |
| ‑service_type | DoveRunner Mobile App Security Hybrid has different version management, so if you are uploading Hybrid app such as ReactNative, Ionic, Cordova, you should put HYBRID_AOS here. | NATIVE_AOS, HYBRID_AOS | Optional | NATIVE_AOS |
| ‑framework | This option is required when you are uploading HYBRID_AOS app. | REACT_NATIVE, IONIC, CORDOVA | Optional | |
| ‑service_version | DoveRunner Mobile App Security service version | latest or specific version like 2.31.0.0 | Optional | latest |
| ‑deploymode | Test mode will show DoveRunner Mobile App Security watermark but you can test without any limit. Release mode will remove watermark, but it’s MAD will be calculated as payed usage. | test, release | Optional | test |
| ‑dex_encrypt | You can encrypt classes.dex files. | yes, no | Optional | no |
| ‑select_dex_encrypt | After set yes for ‑dex_encrypt option, you can enable this option to yes. Before use this option, you need to register class or package of your Android code at DoveRunner Mobile App Security console. | yes, no | Optional | no |
| ‑block_environment | You can block Rooting or Emulator environement at this option. You can use multiple options with comma. | rooting, emulator | Optional | |
| ‑allow_emulator | You can allow specific emulators after blocking emulators at above option. You can use multiple options with comma. | LDPlayer, BlueStacks, Nox | Optional | |
| ‑block_work_profile | You can block app launch from work profile environment such as Secure Folder | yes, no | Optional | yes |
| ‑allow_work_profiles | You can allow exeptional work profiles when above option is set yes | Samsung SecureFolder | Optional | |
| ‑use_query_all_packages | With this permission, DoveRunner Mobile App Security can detect cheat tools which change their package_name, but need to submit a form to Google Play Console and get approved to upload the app on Google Play Console. To check the details, please visit our help center page. Read Help center guide | yes, no | Optional | no |
| ‑block_keylogger | You can block keylogger apps which hide on end‑user smartphone and capture the key log information. | yes, no | Optional | no |
| ‑hide_overlay_windows | You can block external app’s UI overlay on your application to avoid unexpected manipulation. This option will work from Android 12 devices. | yes, no | Optional | no |
| ‑block_screen_capture | When any screen mirroring or capturing app is trying to hijack an app’s screen, it will only get a black screen. But this will not send any hacking detection report, and will not quit the app. | yes, no | Optional | no |
| ‑allow_external_tool | Macro(Auto clicker) and Packet attack tools are blocked by default. You can allow these tool by using this option. You can use multiple options with comma. | macro, sniff | Optional | |
| ‑block_developer_options | You can block app execution from a smartphone with Developer options enabled. | yes, no | Optional | no |
| ‑block_usb_debugging | You can block app execution form a smartphone with USB Debugging enabled | yes, no | Optional | yes |
| ‑wifi_security_protocol | You can collect smartphone’s current Wi-Fi security protocol information such as WEP,WPA. When you enable this option, android.permission.ACCESS_WIFI_STATE is added to your application | collect, disable | Optional | disable |
| ‑app_signing | After DoveRunner Mobile App Security, app’s signature is disabled. To install sealed app on smartphone, you need to sign your sealed APK or AAB manually or using this option. You can use registered_key option after register your keystore on DoveRunner Mobile App Security console | none, appsealing_key, registered_key | Optional | none |
Example usage with simple options
Section titled “Example usage with simple options”Example command line When you apply DoveRunner Mobile App Security on your App bundle with only using required options. All not mentioned options will be automatically applied as default values.
$ java -jar sealing.jar -url https://api.appsealing.com/covault/gw -authkey 123456789ABCDE -srcapk app-release.aab -sealedapk app-release-sealed.aabExample usage with enabling all options
Section titled “Example usage with enabling all options”Example command line When you apply DoveRunner Mobile App Security on your App bundle with only using required options.
$ java -jar sealing.jar -url https://api.appsealing.com/covault/gw -authkey 123456789ABCDE -srcapk app-release.aab -sealedapk app-release-sealed.aab -app_type GAME -service_type NATIVE_AOS -service_version 2.31.0.0 -deploymode test -dex_encrypt yes -select_dex_encrypt yes -block_environment rooting,emulator -allow_emulator LDPlayer,Bluestacks,Nox -block_work_profile yes -allow_work_profiles 'Samsung SecureFolder' -block_keylogger yes -hide_overlay_windows yes -allow_external_tool macro,sniff -app_signing registered_keyRun sealing.jar using the config.txt file
Section titled “Run sealing.jar using the config.txt file”You can run CLI tool file with below option, and can manage all options at config.txt file.
$ java -jar sealing.jar -config ./config.txtconfig.txt file
Section titled “config.txt file”################################################## DoveRunner Mobile App Security CLI Tool Parameter ####################################################
# Sealing API URL (Don't change this)url=https://api.appsealing.com/covault/gw
# DoveRunner Mobile App Security Authentication Key (Enterprise authentication key)authkey=
# Original source APK/AAB file path (File path of original APK/AAB)srcapk=
# Sealed APK/AAB file path (Save path for Sealed APK/AAB)sealedapk=
# Deploy mode { release | test }deploymode=
# Emulator and root device option { emulator, rooting }block_environment=
# Allow emulator exceptionally when you block emulators { BlueStacks, Nox, LDPlayer, ...}allow_emulator=
# Allow apps to run in environments with external tools installed option { macro, sniff }allow_external_tool=
# Work profile block option( yes | no )block_work_profile=
# Allow Work profile exceptionally when you block workprofiles set yes.( Samsung SecureFolder )allow_work_profiles=
# Allow apps to run in environments with keylogger installed { yes | no }block_keylogger=
# DEX encryption option { yes | no }dex_encrypt=
# Enable to select partial dex encryption option { yes | no }select_dex_encrypt=
# Target service version# Hybrid versions are different from Native service, you need to check avaiable version first.service_version=
# Select your app`s type for more optimized sealing { GAME | NON_GAME }app_type=
# DoveRunner Mobile App Security service type (Required for Hybrid) { NATIVE_AOS | HYBRID_AOS } ( default : NATIVE_AOS )service_type=
# App Build Framework (Required for Hybrid) { REACT_NATIVE | IONIC | CORDOVA }Framework=
# App Signing Option for sealing app { none | appsealing_key | registered_key } (default : none)# none : DoveRunner Mobile App Security has been applied, but it has not been signed. In order to install it on the device or distribute ito the store, developer must sign it with a signing key.# appsealing_key : DoveRunner Mobile App Security is applied and signed with the debug key. The signed app can be installed on the device and tested during development (evaluation) stage, but in order to distribute it to the store, developer must use the signed app with the distribution key. In case of AAB package, this option applies as 'none' value and the app is unsigned.# registered_key : DoveRunner Mobile App Security is applied and signed with a pre-registered key. To use this option, developer must pre-register the key to be used for app-signing in the DoveRunner Mobile App Security Developer Console (ADC). Developers can download signed app that with distribution signing key.#You can upload 'upload-key' of your project if you are using Google Play Signingapp_signing=Example of config.txt for Native DoveRunner Mobile App Security
Section titled “Example of config.txt for Native DoveRunner Mobile App Security”Native app: App build with general Android Studio, Flutter, Unity, or Unreal engine. Ex) Using execution script only for srcapk and sealedapk parameter and the rest for configuration file in Windows,
java -jar sealing.jar -config config.txt -srcapk app-release.apk -sealedapk app-release-sealed.apkEx) Settings in Config.txt
################################################## DoveRunner Mobile App Security CLI Tool Parameter ##################################################### Sealing API URLurl=https://api.appsealing.com/covault/gw
# DoveRunner Mobile App Security Authentication Key (Authentication key)authkey=123456789ABCDE
# Deploy mode { release | test }deploymode=release
# Emulator and root device option { emulator, rooting }block_environment=emulator, rooting
# Allow emulator exceptionally when you block emulators { BlueStacks, Nox, LDPlayer, ...}allow_emulator=BlueStacks, Nox, LDPlayer
# Work profile block option( yes, no )block_work_profile=yes
# Allow work profiles exceptionally when you block work profiles { Google FamilyLink, Samsung SecureFolder}allow_work_profiles=Samsung SecureFolder
# Allow apps to run in environments with keylogger installed { yes, no }block_keylogger=no
# Allow apps to run in environments with external tools installed option { macro, sniff }allow_external_tool=macro, sniff
# DEX encryption option { no | yes }dex_encrypt=no
# Enable to select partial dex encryption option { no | yes }select_dex_encrypt=no
# Sealing service versionservice_version=\\{native version number\\}
# App_type { GAME | NON_GAME }app_type=\\{app_type\\}
# App Signing Option for sealed app {none | appsealing_key | registered_key } (default : none)app_signing=noneNotice: For Windows Platform, double file separator must be used in path configuration with config.txt. Ex) D:\DoveRunner Mobile App Security\sealing.jar
Example of config.txt for Hybrid DoveRunner Mobile App Security
Section titled “Example of config.txt for Hybrid DoveRunner Mobile App Security”Hybrid app: App built with ReactNative, Ionic or Cordova.
Ex) Using execution script only for srcapk and sealedapk parameter and the rest for configuration file in Windows, for ReactNative app.
java -jar sealing.jar -config config.txt -srcapk app-release.apk -sealedapk app-release-sealed.apkEx) Settings in Config.txt
################################################## DoveRunner Mobile App Security CLI Tool Parameter ##################################################### Sealing API URLurl=https://api.appsealing.com/covault/gw
# DoveRunner Mobile App Security Authentication Key (Enterprise authentication key)authkey=123456789ABCDE
# DoveRunner Mobile App Security service type { NATIVE_AOS | HYBRID_AOS } ( default : NATIVE_AOS )service_type=HYBRID_AOS
# App's Framework { REACT_NATIVE | IONIC | CORDOVA }framework=REACT_NATIVE
# Deploy mode { release | test }deploymode=release
# Emulator and root device option { emulator, rooting }block_environment=emulator, rooting
# Allow emulator exceptionally when you block emulators { BlueStacks, Nox, LDPlayer, ...}allow_emulator=BlueStacks, Nox, LDPlayer
# Work profile block option( yes, no )block_work_profile=no
# Allow apps to run in environments with keylogger installed { yes, no }block_keylogger=no
# Allow apps to run in environments with external tools installed option { macro, sniff }allow_external_tool=macro, sniff
# DEX encryption option { no | yes }dex_encrypt=no
# Enable to select partial dex encryption option { no | yes }select_dex_encrypt=no
# Sealing service version ( DoveRunner Mobile App Security's hybrid version is different from native security service's)service_version=\\{hybrid version number\\}
# App_type { GAME | NON_GAME }app_type=\\{app_type\\}
# App Signing Option for sealed app {none | appsealing_key | registered_key } (default : none)app_signing=noneNotice: For Windows Platform, double file separator must be used in path configuration. Ex) D:\DoveRunner Mobile App Security\sealing.jar