# Basic Configuration
# Overview
AppSealing CLI tool is jar file which can uplo your APK/AAB and download it with AppSealing module installed. You can use all configuration via command line which was visible in web console.
# CLI tool Options
This is the list of the available options when using sealing.jar file.
| Option | Description | Available Values | Required | Default Value |
|---|---|---|---|---|
| ‑url | AppSealing API URL (DO NOT CHANGE this) | https://api.appsealing.com/covault/gw | Required | |
| ‑authkey | Your account`s auth key. You can find this key at the CLI tool download page. | Provided separately | Required | |
| ‑srcapk | Source APK or App Bundle file which you need protect | file path of created APK or AAB | Required | |
| ‑sealedapk | Destination path including sealed file`s name which you need to download | file path of sealed APK or AAB | Required | |
| ‑app_type | Your app's type for optimized sealing | GAME, NON_GAME | Optional | GAME |
| ‑service_type | AppSeling Hybrid has different version management, so if you are uploading Hybrid app such as ReactNative, Ionic, Cordova, you should put HYBRID_AOS here. | NATIVE_AOS, HYBRID_AOS | Optional | NATIVE_AOS |
| ‑framework | This option is required when you are uploading HYBRID_AOS app. | REACT_NATIVE, IONIC, CORDOVA | Optional | |
| ‑service_version | AppSealing service version | latest or specific version like 2.31.0.0 | Optional | latest |
| ‑deploymode | Test mode will show AppSealing watermark but you can test without any limit. Release mode will remove watermark, but it's MAD will be calculated as payed usage. | test, release | Optional | test |
| ‑dex_encrypt | You can encrypt classes.dex files. | yes, no | Optional | no |
| ‑select_dex_encrypt | After set yes for ‑dex_encrypt option, you can enable this option to yes. Before use this option, you need to register class or package of your Android code at AppSealing console. | yes, no | Optional | no |
| ‑block_environment | You can block Rooting or Emulator environement at this option. You can use multiple options with comma. | rooting, emulator | Optional | |
| ‑allow_emulator | You can allow specific emulators after blocking emulators at above option. You can use multiple options with comma. | LDPlayer, BlueStacks, Nox | Optional | |
| ‑block_work_profile | You can block app launch from work profile environment such as Secure Folder | yes, no | Optional | yes |
| ‑allow_work_profiles | You can allow exeptional work profiles when above option is set yes | Samsung SecureFolder | Optional | |
| ‑use_query_all_packages | With this permission, AppSealing can detect |
cheat tools which change their package_name,
but need to submit a form to Google Play
Console and get approved to upload the app on
Google Play Console.
To check the details, please visit our help
center page.
Read Help center guide (opens new window)|yes, no|Optional|no|
|‑block_keylogger|You can block keylogger apps which hide on end‑user smartphone and capture the key log information.|yes, no|Optional|no|
|‑hide_overlay_windows|You can block external app's UI overlay on your application to avoid unexpected manipulation. This option will work from Android 12 devices.|yes, no|Optional|no|
|‑block_screen_capture|When any screen mirroring or capturing app is trying to hijack an app's screen, it will only get a black screen. But this will not send any hacking
detection report, and will not quit the app.|yes, no|Optional|no|
|‑allow_external_tool|Macro(Auto clicker) and Packet attack tools are blocked by default. You can allow these tool by using this option.
You can use multiple options with comma.|macro, sniff|Optional||
|‑block_developer_options|You can block app execution from a smartphone with Developer options enabled.|yes, no|Optional|no|
|‑block_usb_debugging|You can block app execution form a smartphone with USB Debugging enabled|yes, no|Optional|yes|
|‑wifi_security_protocol|You can collect smartphone's current Wi-Fi security protocol information such as WEP,WPA. When you enable this option, android.permission.ACCESS_WIFI_STATE is added to your application|collect, disable|Optional|disable|
|‑app_signing|After AppSealing, app's signature is disabled. To install sealed app on smartphone, you need to sign your sealed APK or AAB manually or using this option. You can use registered_key option after register your keystore on AppSealing console|none, appsealing_key, registered_key|Optional|none|
# Example usage with simple options
Example command line When you apply AppSealing on your App bundle with only using required options. All not mentioned options will be automatically applied as default values.
$ java -jar sealing.jar -url https://api.appsealing.com/covault/gw -authkey 123456789ABCDE -srcapk app-release.aab -sealedapk app-release-sealed.aab
# Example usage with enabling all options
Example command line When you apply AppSealing on your App bundle with only using required options.
$ java -jar sealing.jar -url https://api.appsealing.com/covault/gw -authkey 123456789ABCDE -srcapk app-release.aab -sealedapk app-release-sealed.aab -app_type GAME -service_type NATIVE_AOS -service_version 2.31.0.0 -deploymode test -dex_encrypt yes -select_dex_encrypt yes -block_environment rooting,emulator -allow_emulator LDPlayer,Bluestacks,Nox -block_work_profile yes -allow_work_profiles 'Samsung SecureFolder' -block_keylogger yes -hide_overlay_windows yes -allow_external_tool macro,sniff -app_signing registered_key
# Run sealing.jar using the config.txt file
You can run CLI tool file with below option, and can manage all options at config.txt file.
$ java -jar sealing.jar -config ./config.txt
# config.txt file
###############################################
### AppSealing CLI Tool Parameter #####
###############################################
# Sealing API URL (Don't change this)
url=https://api.appsealing.com/covault/gw
# AppSealing Authentication Key (Enterprise authentication key)
authkey=
# Original source APK/AAB file path (File path of original APK/AAB)
srcapk=
# Sealed APK/AAB file path (Save path for Sealed APK/AAB)
sealedapk=
# Deploy mode { release | test }
deploymode=
# Emulator and root device option { emulator, rooting }
block_environment=
# Allow emulator exceptionally when you block emulators { BlueStacks, Nox, LDPlayer, ...}
allow_emulator=
# Allow apps to run in environments with external tools installed option { macro, sniff }
allow_external_tool=
# Work profile block option( yes | no )
block_work_profile=
# Allow Work profile exceptionally when you block workprofiles set yes.( Samsung SecureFolder )
allow_work_profiles=
# Allow apps to run in environments with keylogger installed { yes | no }
block_keylogger=
# DEX encryption option { yes | no }
dex_encrypt=
# Enable to select partial dex encryption option { yes | no }
select_dex_encrypt=
# Target service version
# Hybrid versions are different from Native service, you need to check avaiable version first.
service_version=
# Select your app`s type for more optimized sealing { GAME | NON_GAME }
app_type=
# AppSealing service type (Required for Hybrid) { NATIVE_AOS | HYBRID_AOS } ( default : NATIVE_AOS )
service_type=
# App Build Framework (Required for Hybrid) { REACT_NATIVE | IONIC | CORDOVA }
Framework=
# App Signing Option for sealing app { none | appsealing_key | registered_key } (default : none)
# none : AppSealing has been applied, but it has not been signed. In order to install it on the device or distribute ito the store, developer must sign it with a signing key.
# appsealing_key : AppSealing is applied and signed with the debug key. The signed app can be installed on the device and tested during development (evaluation) stage, but in order to distribute it to the store, developer must use the signed app with the distribution key. In case of AAB package, this option applies as ‘none’ value and the app is unsigned.
# registered_key : AppSealing is applied and signed with a pre-registered key. To use this option, developer must pre-register the key to be used for app-signing in the AppSealing Developer Console (ADC). Developers can download signed app that with distribution signing key.
#You can upload 'upload-key' of your project if you are using Google Play Signing
app_signing=
# Example of config.txt for Native AppSealing
Native app: App build with general Android Studio, Flutter, Unity, or Unreal engine. Ex) Using execution script only for srcapk and sealedapk parameter and the rest for configuration file in Windows,
java -jar sealing.jar -config config.txt -srcapk app-release.apk -sealedapk app-release-sealed.apk
Ex) Settings in Config.txt
###############################################
### AppSealing CLI Tool Parameter #####
###############################################
# Sealing API URL
url=https://api.appsealing.com/covault/gw
# AppSealing Authentication Key (Authentication key)
authkey=123456789ABCDE
# Deploy mode { release | test }
deploymode=release
# Emulator and root device option { emulator, rooting }
block_environment=emulator, rooting
# Allow emulator exceptionally when you block emulators { BlueStacks, Nox, LDPlayer, ...}
allow_emulator=BlueStacks, Nox, LDPlayer
# Work profile block option( yes, no )
block_work_profile=yes
# Allow work profiles exceptionally when you block work profiles { Google FamilyLink, Samsung SecureFolder}
allow_work_profiles=Samsung SecureFolder
# Allow apps to run in environments with keylogger installed { yes, no }
block_keylogger=no
# Allow apps to run in environments with external tools installed option { macro, sniff }
allow_external_tool=macro, sniff
# DEX encryption option { no | yes }
dex_encrypt=no
# Enable to select partial dex encryption option { no | yes }
select_dex_encrypt=no
# Sealing service version
service_version={native version number}
# App_type { GAME | NON_GAME }
app_type={app_type}
# App Signing Option for sealed app {none | appsealing_key | registered_key } (default : none)
app_signing=none
Notice: For Windows Platform, double file separator must be used in path configuration with config.txt. Ex) D:\AppSealing\sealing.jar
# Example of config.txt for Hybrid AppSealing
Hybrid app: App built with ReactNative, Ionic or Cordova.
Ex) Using execution script only for srcapk and sealedapk parameter and the rest for configuration file in Windows, for ReactNative app.
java -jar sealing.jar -config config.txt -srcapk app-release.apk -sealedapk app-release-sealed.apk
Ex) Settings in Config.txt
###############################################
### AppSealing CLI Tool Parameter #####
###############################################
# Sealing API URL
url=https://api.appsealing.com/covault/gw
# AppSealing Authentication Key (Enterprise authentication key)
authkey=123456789ABCDE
# AppSealing service type { NATIVE_AOS | HYBRID_AOS } ( default : NATIVE_AOS )
service_type=HYBRID_AOS
# App’s Framework { REACT_NATIVE | IONIC | CORDOVA }
framework=REACT_NATIVE
# Deploy mode { release | test }
deploymode=release
# Emulator and root device option { emulator, rooting }
block_environment=emulator, rooting
# Allow emulator exceptionally when you block emulators { BlueStacks, Nox, LDPlayer, ...}
allow_emulator=BlueStacks, Nox, LDPlayer
# Work profile block option( yes, no )
block_work_profile=no
# Allow apps to run in environments with keylogger installed { yes, no }
block_keylogger=no
# Allow apps to run in environments with external tools installed option { macro, sniff }
allow_external_tool=macro, sniff
# DEX encryption option { no | yes }
dex_encrypt=no
# Enable to select partial dex encryption option { no | yes }
select_dex_encrypt=no
# Sealing service version ( AppSealing’s hybrid version is different from native security service’s)
service_version={hybrid version number}
# App_type { GAME | NON_GAME }
app_type={app_type}
# App Signing Option for sealed app {none | appsealing_key | registered_key } (default : none)
app_signing=none
Notice: For Windows Platform, double file separator must be used in path configuration. Ex) D:\AppSealing\sealing.jar