# Basic Configuration

# Overview

AppSealing CLI tool is jar file which can uplo your APK/AAB and download it with AppSealing module installed. You can use all configuration via command line which was visible in web console.

# CLI tool Options

This is the list of the available options when using sealing.jar file.

Option Description Available Values Required Default Value
‑url AppSealing API URL (DO NOT CHANGE this) https://api.appsealing.com/covault/gw Required
‑authkey Your account`s auth key. You can find this key at the CLI tool download page. Provided separately Required
‑srcapk Source APK or App Bundle file which you need protect file path of created APK or AAB Required
‑sealedapk Destination path including sealed file`s name which you need to download file path of sealed APK or AAB Required
‑app_type Your app's type for optimized sealing GAME, NON_GAME Optional GAME
‑service_type AppSeling Hybrid has different version management, so if you are uploading Hybrid app such as ReactNative, Ionic, Cordova, you should put HYBRID_AOS here. NATIVE_AOS, HYBRID_AOS Optional NATIVE_AOS
‑framework This option is required when you are uploading HYBRID_AOS app. REACT_NATIVE, IONIC, CORDOVA Optional
‑service_version AppSealing service version latest or specific version like 2.31.0.0 Optional latest
‑deploymode Test mode will show AppSealing watermark but you can test without any limit. Release mode will remove watermark, but it's MAD will be calculated as payed usage. test, release Optional test
‑dex_encrypt You can encrypt classes.dex files. yes, no Optional no
‑select_dex_encrypt After set yes for ‑dex_encrypt option, you can enable this option to yes. Before use this option, you need to register class or package of your Android code at AppSealing console. yes, no Optional no
‑block_environment You can block Rooting or Emulator environement at this option.
You can use multiple options with comma.
rooting, emulator Optional
‑allow_emulator You can allow specific emulators after blocking emulators at above option.
You can use multiple options with comma.
LDPlayer, BlueStacks, Nox Optional
‑block_work_profile You can block app launch from work profile environment such as Secure Folder yes, no Optional yes
‑allow_work_profiles You can allow exeptional work profiles when above option is set yes Samsung SecureFolder Optional
‑use_query_all_packages With this permission, AppSealing can detect cheat tools which change their package_name, but need to submit a form to Google Play Console and get approved to upload the app on Google Play Console. To check the details, please visit our help center page. Read Help center guide (opens new window) yes, no Optional no
‑block_keylogger You can block keylogger apps which hide on end‑user smartphone and capture the key log information. yes, no Optional no
‑hide_overlay_windows You can block external app's UI overlay on your application to avoid unexpected manipulation. This option will work from Android 12 devices. yes, no Optional no
‑block_screen_capture When any screen mirroring or capturing app is trying to hijack an app's screen, it will only get a black screen. But this will not send any hacking detection report, and will not quit the app. yes, no Optional no
‑allow_external_tool Macro(Auto clicker) and Packet attack tools are blocked by default. You can allow these tool by using this option.
You can use multiple options with comma.
macro, sniff Optional
‑block_developer_options You can block app execution from a smartphone with Developer options enabled. yes, no Optional no
‑block_usb_debugging You can block app execution form a smartphone with USB Debugging enabled yes, no Optional yes
‑wifi_security_protocol You can collect smartphone's current Wi-Fi security protocol information such as WEP,WPA. When you enable this option, android.permission.ACCESS_WIFI_STATE is added to your application collect, disable Optional disable
‑app_signing After AppSealing, app's signature is disabled. To install sealed app on smartphone, you need to sign your sealed APK or AAB manually or using this option. You can use registered_key option after register your keystore on AppSealing console none, appsealing_key, registered_key Optional none

# Example usage with simple options

Example command line When you apply AppSealing on your App bundle with only using required options. All not mentioned options will be automatically applied as default values.

$ java -jar sealing.jar -url https://api.appsealing.com/covault/gw -authkey 123456789ABCDE -srcapk app-release.aab -sealedapk app-release-sealed.aab

# Example usage with enabling all options

Example command line When you apply AppSealing on your App bundle with only using required options.

$ java -jar sealing.jar -url https://api.appsealing.com/covault/gw -authkey 123456789ABCDE -srcapk app-release.aab -sealedapk app-release-sealed.aab -app_type GAME -service_type NATIVE_AOS -service_version 2.31.0.0 -deploymode test -dex_encrypt yes -select_dex_encrypt yes -block_environment rooting,emulator -allow_emulator LDPlayer,Bluestacks,Nox -block_work_profile yes -allow_work_profiles 'Samsung SecureFolder' -block_keylogger yes -hide_overlay_windows yes -allow_external_tool macro,sniff -app_signing registered_key

# Run sealing.jar using the config.txt file

You can run CLI tool file with below option, and can manage all options at config.txt file.

$ java -jar sealing.jar -config ./config.txt

# config.txt file

###############################################
###      AppSealing CLI Tool Parameter    #####
###############################################

# Sealing API URL (Don't change this)
url=https://api.appsealing.com/covault/gw

# AppSealing Authentication Key (Enterprise authentication key)
authkey=

# Original source APK/AAB file path (File path of original APK/AAB)
srcapk=

# Sealed APK/AAB file path (Save path for Sealed APK/AAB)
sealedapk=

# Deploy mode { release | test }
deploymode=

# Emulator and root device option { emulator, rooting }
block_environment=

# Allow emulator exceptionally when you block emulators { BlueStacks, Nox, LDPlayer, ...}
allow_emulator=

# Allow apps to run in environments with external tools installed option { macro, sniff }
allow_external_tool=

# Work profile block option( yes | no )
block_work_profile=

# Allow Work profile exceptionally when you block workprofiles set yes.( Samsung SecureFolder )
allow_work_profiles=

# Allow apps to run in environments with keylogger installed { yes | no }
block_keylogger=

# DEX encryption option { yes | no } 
dex_encrypt=

# Enable to select partial dex encryption option { yes | no }
select_dex_encrypt=

# Target service version 
# Hybrid versions are different from Native service, you need to check avaiable version first.
service_version=

# Select your app`s type for more optimized sealing { GAME | NON_GAME } 
app_type=

# AppSealing service type (Required for Hybrid) { NATIVE_AOS | HYBRID_AOS } ( default : NATIVE_AOS )
service_type=

# App Build Framework (Required for Hybrid) { REACT_NATIVE | IONIC | CORDOVA } 
Framework=

# App Signing Option for sealing app { none | appsealing_key | registered_key } (default : none)
# none : AppSealing has been applied, but it has not been signed. In order to install it on the device or distribute ito the store, developer must sign it with a signing key.  
# appsealing_key : AppSealing is applied and signed with the debug key. The signed app can be installed on the device and tested during development (evaluation) stage, but in order to distribute it to the store, developer must use the signed app with the distribution key. In case of AAB package, this option applies as ‘none’ value and the app is unsigned.
# registered_key : AppSealing is applied and signed with a pre-registered key. To use this option, developer must pre-register the key to be used for app-signing in the AppSealing Developer Console (ADC). Developers can download signed app that with distribution signing key. 
#You can upload 'upload-key' of your project if you are using Google Play Signing
app_signing=

# Example of config.txt for Native AppSealing

Native app: App build with general Android Studio, Flutter, Unity, or Unreal engine. Ex) Using execution script only for srcapk and sealedapk parameter and the rest for configuration file in Windows,

java -jar sealing.jar -config config.txt -srcapk app-release.apk -sealedapk app-release-sealed.apk

Ex) Settings in Config.txt

###############################################
###      AppSealing CLI Tool Parameter    ##### 
###############################################
# Sealing API URL
url=https://api.appsealing.com/covault/gw

# AppSealing Authentication Key (Authentication key)
authkey=123456789ABCDE

# Deploy mode { release | test }
deploymode=release

# Emulator and root device option { emulator, rooting }
block_environment=emulator, rooting

# Allow emulator exceptionally when you block emulators { BlueStacks, Nox, LDPlayer, ...}
allow_emulator=BlueStacks, Nox, LDPlayer

# Work profile block option( yes, no )
block_work_profile=yes

# Allow work profiles exceptionally when you block work profiles { Google FamilyLink, Samsung SecureFolder}
allow_work_profiles=Samsung SecureFolder

# Allow apps to run in environments with keylogger installed { yes, no }
block_keylogger=no

# Allow apps to run in environments with external tools installed option { macro, sniff }
allow_external_tool=macro, sniff

# DEX encryption option { no | yes }
dex_encrypt=no

# Enable to select partial dex encryption option { no | yes }
select_dex_encrypt=no

# Sealing service version
service_version={native version number}

# App_type { GAME | NON_GAME }
app_type={app_type}

# App Signing Option for sealed app {none | appsealing_key | registered_key } (default : none)
app_signing=none

Notice: For Windows Platform, double file separator must be used in path configuration with config.txt. Ex) D:\AppSealing\sealing.jar

# Example of config.txt for Hybrid AppSealing

Hybrid app: App built with ReactNative, Ionic or Cordova.

Ex) Using execution script only for srcapk and sealedapk parameter and the rest for configuration file in Windows, for ReactNative app.

java -jar sealing.jar -config config.txt -srcapk app-release.apk -sealedapk app-release-sealed.apk

Ex) Settings in Config.txt

###############################################
###      AppSealing CLI Tool Parameter    ##### 
###############################################
# Sealing API URL
url=https://api.appsealing.com/covault/gw

# AppSealing Authentication Key (Enterprise authentication key)
authkey=123456789ABCDE

# AppSealing service type { NATIVE_AOS | HYBRID_AOS } ( default : NATIVE_AOS )
service_type=HYBRID_AOS

# App’s Framework { REACT_NATIVE | IONIC | CORDOVA } 
framework=REACT_NATIVE

# Deploy mode { release | test }
deploymode=release

# Emulator and root device option { emulator, rooting }
block_environment=emulator, rooting

# Allow emulator exceptionally when you block emulators { BlueStacks, Nox, LDPlayer, ...}
allow_emulator=BlueStacks, Nox, LDPlayer

# Work profile block option( yes, no )
block_work_profile=no

# Allow apps to run in environments with keylogger installed { yes, no }
block_keylogger=no

# Allow apps to run in environments with external tools installed option { macro, sniff }
allow_external_tool=macro, sniff

# DEX encryption option { no | yes }
dex_encrypt=no

# Enable to select partial dex encryption option { no | yes }
select_dex_encrypt=no

# Sealing service version ( AppSealing’s hybrid version is different from native security service’s)
service_version={hybrid version number}

# App_type { GAME | NON_GAME }
app_type={app_type}

# App Signing Option for sealed app {none | appsealing_key | registered_key } (default : none)
app_signing=none

Notice: For Windows Platform, double file separator must be used in path configuration. Ex) D:\AppSealing\sealing.jar

Last Updated: 6/13/2024, 8:31:10 AM