Info Obfuscated methods


Obfuscation refers to methods to obscure code and make it hard to understand. Compiled Java classes can be decompiled if there is no obfuscation during compilation step.

Adversaries can steal code and repurpose it and sell it in a new application or create a malicious fake application based on the initial one.

Code obfuscation only slows the attacker from reverse engineering but does not make it impossible.


Design the application to add the following protections and slow reverse engineering of the application:

  • Obfuscate Java source code with tools like Proguard or Dexguard
  • buildTypes {
            release {
                minifyEnabled true
                proguardFiles getDefaultProguardFile('proguard-android.txt'),
  • Verification application signing certificate during runtime by checking context.getPackageManager().signature
  • Check application installer to ensure it matches the Android Market by calling context.getPackageManager().getInstallerPackageName
  • Check running environment at runtime
  • private static String getSystemProperty(String name) throws Exception {
        Class systemPropertyClazz = Class.forName("android.os.SystemProperties");
        return (String) systemPropertyClazz.getMethod("get", new Class[] { String.class }).invoke(systemPropertyClazz, new Object[] { name });
    public static boolean checkEmulator() {
        try {
            boolean goldfish = getSystemProperty("ro.hardware").contains("goldfish");
            boolean qemu = getSystemProperty("ro.kernel.qemu").length() > 0;
            boolean sdk = getSystemProperty("ro.product.model").equals("sdk");
            if (qemu || goldfish || sdk) {
                return true;
        } catch (Exception e) {
        return false;
  • Check debug flag at runtime
  • context.getApplicationInfo().applicationInfo.flags & ApplicationInfo.FLAG_DEBUGGABLE;

Technical details
android.arch.lifecycle False
org.reactnative.facedetector False False False False
com.facebook.soloader False
org.joda.time False
com.imagepicker False
com.rnfs False
org.webkit.android_jsc False False
com.RNFetchBlob False
bolts False
com.facebook.jni False False False
org.reactnative.frame False
com.reactlibrary False
com.facebook.fbcore False False False
com.flurry.sdk True
com.facebook.imagepipeline False False
com.lwansbrough.RCTCamera False
proguard.canary False
com.babisoft.ReactNativeLocalization False True
com.cmcewen.blurview False
android.arch.core False False
com.facebook.drawee False
com.facebook.imageformat False
com.facebook.crypto False
com.drew.lang False False False
com.facebook.perftest False False False False
org.reactivestreams False
org.reactnative.barcodedetector False
com.facebook.binaryresource False
com.facebook.systrace False
com.bumptech.glide False
org.slf4j False
com.facebook.imageutils False False
com.reactnative.photoview False
okio False
com.facebook.cipher False
com.adobe.xmp False
com.drew.imaging False
com.facebook.datasource False False
io.fixd.rctlocale False
org.apache.http False
javax.annotation False
com.facebook.react False
me.relex.photodraweeview False False
javax.inject False
com.drew.metadata False
okhttp3 False
io.reactivex False