Info Obfuscated methods


Obfuscation refers to methods to obscure code and make it hard to understand. Compiled Java classes can be decompiled if there is no obfuscation during compilation step.

Adversaries can steal code and repurpose it and sell it in a new application or create a malicious fake application based on the initial one.

Code obfuscation only slows the attacker from reverse engineering but does not make it impossible.


Design the application to add the following protections and slow reverse engineering of the application:

  • Obfuscate Java source code with tools like Proguard or Dexguard
  • buildTypes {
            release {
                minifyEnabled true
                proguardFiles getDefaultProguardFile('proguard-android.txt'),
  • Verification application signing certificate during runtime by checking context.getPackageManager().signature
  • Check application installer to ensure it matches the Android Market by calling context.getPackageManager().getInstallerPackageName
  • Check running environment at runtime
  • private static String getSystemProperty(String name) throws Exception {
        Class systemPropertyClazz = Class.forName("android.os.SystemProperties");
        return (String) systemPropertyClazz.getMethod("get", new Class[] { String.class }).invoke(systemPropertyClazz, new Object[] { name });
    public static boolean checkEmulator() {
        try {
            boolean goldfish = getSystemProperty("ro.hardware").contains("goldfish");
            boolean qemu = getSystemProperty("ro.kernel.qemu").length() > 0;
            boolean sdk = getSystemProperty("ro.product.model").equals("sdk");
            if (qemu || goldfish || sdk) {
                return true;
        } catch (Exception e) {
        return false;
  • Check debug flag at runtime
  • context.getApplicationInfo().applicationInfo.flags & ApplicationInfo.FLAG_DEBUGGABLE;

Technical details
PackageObfuscated False False False True
com.util False
com.andreabaccega.formedittext False False
com.ingic.tripcrasher False
io.socket.parser False False
com.makeramen.roundedimageview False False False False False
android.arch.lifecycle False False
me.leolin.shortcutbadger False True
okhttp3 False False False
com.appeaser.sublimepickerlibrary False
io.socket.emitter False
io.socket.backo False False
com.andexert.library False
com.mukesh.countrypicker False
com.squareup.okhttp False
retrofit False False
com.facebook False False
me.relex.circleindicator False
com.andreabaccega.widget False True
com.amulyakhare.textdrawable False
bolts False
butterknife False
io.socket.thread False
com.kbeanie.imagechooser False
io.socket.hasbinary False
okio False False False False
com.pnikosis.materialishprogress False
io.socket.client False False
com.squareup.picasso False
io.socket.parseqs False
io.socket.utf8 False
io.socket.yeast False
com.bumptech.glide False False False False