Sentinel

Every app, untouchable.

The mobile-first zero-trust security layer that hardens any banking or government app against device compromise, tampering, and session hijack — without asking users to install anything extra, and without adding perceptible friction.

01 — Capabilities

Four layers of hardening, shipped as one integrated shell.

01 / ATTESTATION

Hardware-rooted trust

Every session starts with Google Play Integrity and iOS DeviceCheck attestation. If the device is rooted, jailbroken, running in an emulator, or tampered with, the app refuses to initialize.

  • Play Integrity API
  • iOS DeviceCheck
  • Root & jailbreak detect
  • Emulator defense

02 / ENCRYPTION

Double-envelope sessions

Session keys are delivered inside two independent cryptographic envelopes, each tied to a compound nonce. Stealing one envelope reveals nothing; stealing both requires breaking two distinct trust boundaries.

  • DEX encryption
  • Double-envelope delivery
  • Compound nonce
  • Perfect forward secrecy

03 / HARDENING

App shell integrity

Runtime application self-protection, tamper-evident bundles, hooked-framework detection, and repackaging defense. The app watches itself — and reports back.

  • Anti-tamper · RASP
  • Repackaging detect
  • Frida & Xposed defense
  • Screen-capture block

04 / TELEMETRY

Signal to the SOC

Every attestation failure, tamper event, or policy violation streams to your SOC in structured form — no vendor cloud in between, no data-residency exposure.

  • Structured events
  • SIEM-ready output
  • Sovereign destination
  • Policy-driven triggers

02 — How it works

Five handshakes between app and server — each one a gate the attacker cannot pick.

01
Cold start attestation
Hardware · Pre-session
Before the app renders a single screen, Play Integrity returns a signed attestation token proving the device, app, and OS are uncompromised. The server validates it before issuing any session material.
Pre-login

02
Session key provisioning
Cryptographic · Double-envelope
Session keys are split into two envelopes, delivered over independent channels, and reassembled only inside a compound-nonce window. An attacker intercepting either channel gets cryptographic noise.
Handshake

03
DEX encryption
Runtime · Bytecode
The application's compiled bytecode is encrypted at rest and decrypted in-memory only during execution. Static reverse-engineering against a pulled APK yields nothing actionable.
Runtime

04
Continuous posture checks
Runtime · RASP
While running, the shell monitors for hooking frameworks, debuggers, injected libraries, and policy violations. Violations trigger graceful degrade, session kill, or full lock — per your policy.
Runtime

05
Sovereign telemetry
Post-event · Audit trail
Every security event is logged in a tamper-evident stream and delivered to your SOC's SIEM. No Nexilis cloud in the middle, no third-party data processor. Your data never leaves your trust boundary.
Continuous
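
The split-and-reassemble idea in step 02, sketched as an added example; this is not Nexilis code and does not describe Sentinel's actual protocol. Assumptions made here: a 2-of-2 XOR split of the session key, a compound nonce built by hashing a server nonce, a device nonce and the issue time, a 30-second window, and pre-shared per-channel MAC keys; all names and sample values are hypothetical.

```python
import hashlib, hmac, secrets, struct

WINDOW_SECONDS = 30  # assumed lifetime of a compound nonce

def compound_nonce(server_nonce, device_nonce, issued_at):
    # Assumed construction: both parties' nonces plus the issue time, hashed.
    return hashlib.sha256(server_nonce + device_nonce + struct.pack(">Q", issued_at)).digest()

def _tag(channel_key, channel, nonce, issued_at, share):
    # Fixed-width fields first (1 + 32 + 8 bytes) so the encoding is unambiguous.
    msg = channel + nonce + struct.pack(">Q", issued_at) + share
    return hmac.new(channel_key, msg, hashlib.sha256).digest()

def seal(channel_key, channel, share, nonce, issued_at):
    return {"channel": channel, "nonce": nonce, "issued_at": issued_at,
            "share": share, "tag": _tag(channel_key, channel, nonce, issued_at, share)}

def split_key(session_key, channel_keys, nonce, issued_at):
    # 2-of-2 XOR split: each share on its own is uniformly random.
    pad = secrets.token_bytes(len(session_key))
    masked = bytes(k ^ p for k, p in zip(session_key, pad))
    return (seal(channel_keys[0], b"A", pad, nonce, issued_at),
            seal(channel_keys[1], b"B", masked, nonce, issued_at))

def open_envelope(channel_key, env, channel, expected_nonce, now):
    good = _tag(channel_key, env["channel"], env["nonce"], env["issued_at"], env["share"])
    if not hmac.compare_digest(good, env["tag"]):
        raise ValueError("envelope tag invalid")
    if env["channel"] != channel or not hmac.compare_digest(env["nonce"], expected_nonce):
        raise ValueError("envelope bound to another channel or nonce")
    if not 0 <= now - env["issued_at"] <= WINDOW_SECONDS:
        raise ValueError("outside nonce window")
    return env["share"]

def reassemble(channel_keys, env_a, env_b, expected_nonce, now):
    a = open_envelope(channel_keys[0], env_a, b"A", expected_nonce, now)
    b = open_envelope(channel_keys[1], env_b, b"B", expected_nonce, now)
    return bytes(x ^ y for x, y in zip(a, b))

if __name__ == "__main__":
    # Constructed sample values, not real key material.
    keys, t0 = (b"\x01" * 32, b"\x02" * 32), 1_700_000_000
    nonce = compound_nonce(b"S" * 16, b"D" * 16, t0)
    key = secrets.token_bytes(32)
    env_a, env_b = split_key(key, keys, nonce, t0)
    print("reassembled ok:", reassemble(keys, env_a, env_b, nonce, t0 + 5) == key)
```

When reviewing a scheme of this kind, check that each envelope is rejected if it is replayed under a different nonce, presented after the window closes, or modified in transit, and that the two channels do not terminate in the same compromised process.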

03 — Use cases

Where Sentinel earns its keep.

Banking · BFSI

Mobile banking apps under OJK digital resilience

Consumer and SME banking apps that must meet POJK resilience guidance, resist SIM-swap and on-device malware, and survive regulator scrutiny of their mobile posture.

Audit-defensible posture with attestation evidence, zero-friction for the 99% of clean devices, and automated blocking of the 1% that aren't.

Government · Sovereign

Ministry and defense mobile communications

Apps carrying classified or sensitive government communications, where adversaries are assumed to include nation-state-level capabilities and where the device itself may be targeted.

Hardware-rooted attestation plus DEX bytecode encryption make static reverse-engineering and dynamic analysis infeasible outside a forensic lab.

Capital markets

High-value transaction flows

Trading, wealth, and treasury apps where a single session compromise can move hundreds of millions, and where attackers have the budget and patience for targeted device compromise.

Session keys that cannot be reused, stolen, or replayed — even when the attacker has full shell access to the device.

04 — In the portfolio

Sentinel is the foundation. Everything Nexilis ships runs on top of it.

05 — Where it sits

Sentinel operates in the same category as the global leaders — with a sovereign deployment model built for Indonesia.

Category
Nexilis Sentinel · Zimperium · Appdome · Lookout · Promon · Guardsquare

Mobile application protection and attestation — global category references for context.

What makes Sentinel different
Sovereign-hostable · No vendor SaaS dependency · Source-level audits · Platform-native

Many mobile security products depend on a foreign vendor cloud. Sentinel is designed to deploy inside your trust boundary.

Next step

See Sentinel on your app. One briefing.

Fifteen minutes walks you through the attestation flow, the double-envelope architecture, and what integration looks like for your mobile app.