kiwisec.com

What It Is

KiwiSec positions itself as an application and IoT security service provider. Its website highlights capabilities covering Android/iOS/HarmonyOS app hardening, full-platform source-code virtualization and encryption, IoT firmware virtualization, privacy compliance checks, mobile app risk assessment, firmware inspection, App/IoT/Web penetration testing, fuzz testing, APM, and Web Application Firewall services. Its core focus is not a standalone WAF or cloud security product, but rather a security product portfolio built around “pre-release and runtime self-protection” for software.

Core Capabilities and Deployment

In terms of protection types, Android hardening includes Dex protection, Java2C, SO virtualization, signature verification, memory encryption, anti-debugging, and local data/SQLite encryption. On iOS, it is based on source code and an Xcode plugin, supporting code virtualization, obfuscation, string encryption, identity authentication, anti-HOOK, and jailbreak detection. KiwiVM targets binary protection for ELF, SO, EXE, Mach-O, and other formats. On the IoT side, it emphasizes lightweight function-level virtualization for C/C++ and firmware security testing. Deployment options are relatively diverse: APK/IPA or Archive submission, Xcode plugin, cloud-based testing, private cloud/on-premises deployment, and lightweight APM agents are all mentioned. For management features, testing products support online, Word, or JSON reports, and the privacy compliance platform supports enterprise member/role management. However, information on alert integrations, auditing, SIEM integration, and similar operational capabilities is limited.

Compliance and Pricing

Compliance is one of its key selling points. The site explicitly references MLPS 2.0, GBT25070-2019, GBT22239-2019, the Personal Information Protection Law, the Data Security Law, and MIIT Documents No. 164 and No. 191. Its privacy compliance checks support more than 50 detailed criteria, and its risk assessment covers 80+ risk points. However, the website mainly states that its services are “based on,” “comply with,” or “help meet” relevant requirements; no company-level certification certificates or third-party evaluation qualifications were found. Pricing is not publicly listed. The risk assessment version page states that pricing and usage periods are subject to the commercial contract, so overall it follows a consultative B2B pricing model.

Pros, Cons, and Best Fit

Its strengths are broad coverage: mobile, IoT, firmware, source-code protection, compliance testing, and penetration testing together form a relatively complete security chain. It also provides fairly detailed scenario descriptions for high-risk sectors such as finance, government and enterprise, military/confidential environments, IoT, and gaming. Limitations include insufficient transparency around pricing, SLA, delivery timelines, certifications, and platform-level operations/integration capabilities. Some pages also appear to reuse overlapping content, so buyers should conduct a POC before procurement. KiwiSec is better suited to mid-to-large enterprises and regulatory/testing organizations that need app anti-reverse-engineering, MLPS/privacy compliance, IoT firmware pre-shipment testing, connected-vehicle security, or smart-device penetration testing.

China Access and Alternatives

As a Chinese-language website with a domestic compliance focus, kiwisec.com is expected to be directly accessible from mainland China. Payment methods are not disclosed on the official website. If you need price comparisons or multi-vendor evaluation, you may also consider domestic alternatives such as BangBang Security, iJiami, Naga Information, Tencent Cloud Mobile Security, Alibaba Cloud Security, and 360 Jiagubao.