Skip to content
Home Mobile Tools Guardsquare
GU

Guardsquare

NEW
Category: Mobile
License: Commercial (ProGuard is Open Source)
0 Comments
Visit Website →
Suphi Cankurt
Suphi Cankurt
AppSec Enthusiast
Updated February 10, 2026
4 min read
0 Comments

Guardsquare is a mobile application security company that provides code obfuscation, app shielding, and runtime protection for Android and iOS apps. The company is best known as the creator of ProGuard, the open-source Java bytecode optimizer used by virtually every Android application, and its commercial products DexGuard and iXGuard that extend ProGuard with advanced security features.

The platform takes a build-level approach to mobile protection. Rather than wrapping compiled binaries, Guardsquare’s tools integrate into the compilation process itself, applying obfuscation and hardening at the code level. This produces protection that is structurally embedded in the application rather than layered on top.

What is Guardsquare?

Guardsquare provides a complete mobile security lifecycle: test with AppSweep, protect with DexGuard/iXGuard, and monitor in production. The tools integrate into standard build systems (Gradle for Android, Xcode for iOS) and fit into existing CI/CD pipelines without requiring changes to application architecture.

DexGuard (Android)
Multilayered, polymorphic obfuscation with control flow randomization, string encryption, code virtualization, and built-in RASP for native and cross-platform Android apps.
iXGuard (iOS)
Obfuscation and runtime protection for native iOS (Objective-C, Swift) and cross-platform apps. Applies name obfuscation, string encryption, and anti-tampering checks.
AppSweep (Free)
Developer-friendly mobile application security testing that identifies vulnerabilities in your app and its dependencies. Free tier available for individual developers.

Key Features

DexGuard (Android Protection)

DexGuard is Guardsquare’s commercial Android protection tool. It applies multiple layers of obfuscation and hardening during the build process:

  • Control flow obfuscation: Restructures code logic so decompiled output is difficult to follow
  • Name obfuscation: Renames classes, methods, and fields to meaningless identifiers
  • String encryption: Encrypts hardcoded strings so they cannot be read from decompiled code
  • Code virtualization: Converts critical code sections into custom bytecode that runs on an embedded virtual machine
  • Asset and resource encryption: Protects app resources from extraction
  • RASP protections: Root detection, tamper detection, debugger detection, and emulator detection at runtime

DexGuard builds on ProGuard, so teams already using ProGuard can upgrade without reworking their build configuration. The tool integrates as a Gradle plugin and runs during the standard Android build process.

iXGuard (iOS Protection)

iXGuard provides equivalent protections for iOS apps built with Objective-C, Swift, or cross-platform frameworks. It integrates into Xcode build workflows and applies obfuscation at compile time. The tool covers name obfuscation, string encryption, control flow obfuscation, and runtime integrity checks.

Both DexGuard and iXGuard support cross-platform frameworks including Flutter, React Native, Unity, Cordova, Ionic, and Xamarin. This means a single security tool chain can protect apps regardless of how they were built.

ProGuard (Open Source)

ProGuard is the free, open-source Java bytecode optimizer that ships as part of the Android SDK. It shrinks, optimizes, and obfuscates Java and Kotlin code. While it provides basic protection through code shrinking and name obfuscation, it lacks the security-focused features of DexGuard such as string encryption, control flow obfuscation, and runtime protection.

ProGuard remains a solid baseline for apps that do not face targeted reverse-engineering threats. For apps handling sensitive logic, financial transactions, or proprietary algorithms, DexGuard provides the additional hardening layers.

AppSweep Security Testing

AppSweep is Guardsquare’s mobile application security testing tool. It analyzes Android and iOS app binaries to identify security vulnerabilities in your code and third-party dependencies. The free tier lets individual developers scan their apps at no cost, while AppSweep Enterprise adds role-based access control, SSO, and custom data retention policies for organizations.

AppSweep provides remediation guidance alongside its findings, helping developers understand and fix issues rather than simply flagging them.

Getting Started

1
Test with AppSweep — Upload your APK or IPA to AppSweep (free tier available) to identify existing vulnerabilities in your app and its dependencies.
2
Add DexGuard or iXGuard — Integrate the protection plugin into your Gradle (Android) or Xcode (iOS) build configuration. Existing ProGuard users can upgrade DexGuard with minimal config changes.
3
Configure protection layers — Select which obfuscation and RASP features to enable. Fine-tune protection levels for different parts of your codebase based on sensitivity.
4
Build and verify — Run your standard build process. DexGuard/iXGuard applies protections automatically. Review the build report for protection coverage details.

When to Use Guardsquare

Guardsquare is the right choice when your primary concern is preventing reverse engineering of your mobile app’s code. The build-level obfuscation approach produces stronger protection against static analysis than binary-wrapping alternatives, because the obfuscation is woven into the compiled output itself.

Consider Guardsquare for apps that contain proprietary algorithms, DRM logic, payment processing code, or other intellectual property that competitors or attackers might try to extract. Financial services, gaming, and media companies are common adopters.

Best for
Mobile teams that need deep code obfuscation and hardening integrated into their build process. DexGuard and iXGuard provide strong reverse-engineering resistance for apps with sensitive business logic, while AppSweep offers free security testing for any mobile team.

If your needs extend beyond code protection into fraud prevention, bot defense, and geo-compliance, tools like Appdome cover that broader scope. For runtime-only protection without build integration, Talsec offers a lighter-weight SDK approach with a free tier.

Frequently Asked Questions

What is Guardsquare?
Guardsquare is a mobile application security company that provides code obfuscation, runtime protection, and security testing tools. Its main products are DexGuard (Android), iXGuard (iOS), ProGuard (open-source Java optimizer), and AppSweep (free mobile security testing).
Is Guardsquare free or paid?
DexGuard and iXGuard are commercial products with custom pricing. ProGuard is free and open source. AppSweep, their mobile security testing tool, has both a free tier and an Enterprise version with role-based access and SSO.
What is the difference between ProGuard and DexGuard?
ProGuard is a free, open-source Java bytecode optimizer that provides basic code shrinking and name obfuscation. DexGuard extends ProGuard with multilayered security features including control flow obfuscation, string encryption, code virtualization, RASP, and tamper detection specifically designed for Android apps.
What platforms does Guardsquare support?
Guardsquare covers native Android (Java/Kotlin), native iOS (Objective-C/Swift), and cross-platform apps built with Flutter, React Native, Unity, Cordova, Ionic, and Xamarin through DexGuard and iXGuard.
How does Guardsquare compare to Appdome?
Guardsquare integrates at the build and compile stage, providing deep code-level obfuscation. Appdome works on compiled binaries with a no-code approach. Guardsquare excels at making code resistant to reverse engineering through obfuscation, while Appdome offers a broader range of defenses beyond code protection.
How we review tools Suggest an edit

Other Mobile Tools

AppKnox
AppKnox

300+ Enterprises, Gartner Recognized

Data Theorem Mobile Secure
Data Theorem Mobile Secure

#1 Gartner Cloud Native Apps

esChecker
esChecker

DAST + IAST for Mobile, OWASP MASVS

MobSF
MobSF

Open-Source All-in-One Mobile

See all Mobile tools

Complement with DAST

Pair mobile security with dynamic testing for broader coverage.

Invicti
Invicti

Proof-Based Scanning

Nikto
Nikto

Fast Web Server Scanner

See all DAST tools

Learn More

AI-Generated Code Security API Security Testing Application Security Checklist AppSec Compliance Mapping

Comments

Powered by Giscus — comments are stored in GitHub Discussions.