Background
The Security Guard client SDK, paired with its corresponding image, is a fundamental dependency widely used across mPaaS. To enhance compatibility and meet higher compliance standards in various scenarios, mPaaS offers Blue Shield as an alternative for use cases not supported by Security Guard.
Current status
mPaaS now supports switching from Security Guard to Blue Shield in Android baseline versions 10.2.3.23 and later. If you are using baseline 10.1.68 or earlier, you must upgrade to the latest 10.2.3 version.
Upgrade the baseline
Upgrade your baseline to version 10.2.3.23 or later.
For baseline 10.1.68
Follow the mPaaS 10.2.3 Upgrade Guide to upgrade to the latest 10.2.3 baseline and make the necessary adjustments.
For custom baselines
If you are using a custom baseline, join the DingTalk group with ID 145930007362 or submit a ticket to our support engineers to check if you can switch to the 10.2.3 baseline.
Upgrade the toolchain and switch to Blue Shield
Install Android Studio Flamingo | 2022.2.1 or later and the mPaaS plugin 3.0.230609 or later.
Remove the Security Guard component
In the app module's build.gradle file, use gradle exclude to remove the securityguard-build dependency library.
configurations.all {
exclude group: 'com.alipay.android.phone.thirdparty', module:
'securityguard-build'
}Add the Blue Shield component
Add the Blue Shield component SDK dependency.
implementation 'com.mpaas.android:blueshield' // Blue Shield SDK dependencyUpgrade the easyconfig plugin dependency.
classpath 'com.android.boost.easyconfig:easyconfig:2.8.0'Generate Blue Shield image
First, check if absBase64Code in the config file has a value. If it does, you can skip this step. If not, you need to follow the instructions below to generate a Blue Shield image.
If you are in a public cloud environment and the .config file that you downloaded from the mPaaS console has an empty absBase64Code value, make sure that you have uploaded a correctly signed APK and then download the file again. For more information, see Fill in configuration information and upload a signed APK.
Follow the steps in the images below and enter the required information to generate the Blue Shield image:
Key input fields in the images above:
Release Apk: The signed release APK generated from your mPaaS-integrated project.
MD5: This value is automatically populated after you upload the release APK package. It is the
public md5 keyof the APK package.mPaaS config File: You can download the
.configfile by clicking Download Config in the mPaaS console and then import it.appSecret: You can find this in the mPaaS console, as shown in the image below.
The other fields, such as appId, packageName, and outPath, are automatically populated from the previously entered information.
Finally, add the generated image to the assets directory of the project.
Verify Blue Shield image
Drag the APK package into Android Studio and check whether the assets directory contains abs_1222.jpg. If it does, the Blue Shield image is configured successfully.
Configure Blue Shield switch
In the AndroidManifest.xml file, add meta-data.
<!-- value: "antGroup" specifies Blue Shield -->
<meta-data
android:name="mpaas_security_mode"
android:value="antGroup"/>mpaas_security_mode is an option for the tool used for RPC signing.
Components updated to support Blue Shield
Mobile Gateway
Mobile Dispatch Center
Data Synchronization
Multimedia
Mini Program
Location Services
Unified Storage
Some internal dependency components
Ant Dynamic Card
Regression testing scope
After switching to Blue Shield, perform regression testing on your app, focusing on the updated components listed above.