Info Obfuscated methods


Obfuscation refers to methods to obscure code and make it hard to understand. Compiled Java classes can be decompiled if there is no obfuscation during compilation step.

Adversaries can steal code and repurpose it and sell it in a new application or create a malicious fake application based on the initial one.

Code obfuscation only slows the attacker from reverse engineering but does not make it impossible.


Design the application to add the following protections and slow reverse engineering of the application:

  • Obfuscate Java source code with tools like Proguard or Dexguard
  • buildTypes {
            release {
                minifyEnabled true
                proguardFiles getDefaultProguardFile('proguard-android.txt'),
  • Verification application signing certificate during runtime by checking context.getPackageManager().signature
  • Check application installer to ensure it matches the Android Market by calling context.getPackageManager().getInstallerPackageName
  • Check running environment at runtime
  • private static String getSystemProperty(String name) throws Exception {
        Class systemPropertyClazz = Class.forName("android.os.SystemProperties");
        return (String) systemPropertyClazz.getMethod("get", new Class[] { String.class }).invoke(systemPropertyClazz, new Object[] { name });
    public static boolean checkEmulator() {
        try {
            boolean goldfish = getSystemProperty("ro.hardware").contains("goldfish");
            boolean qemu = getSystemProperty("ro.kernel.qemu").length() > 0;
            boolean sdk = getSystemProperty("ro.product.model").equals("sdk");
            if (qemu || goldfish || sdk) {
                return true;
        } catch (Exception e) {
        return false;
  • Check debug flag at runtime
  • context.getApplicationInfo().applicationInfo.flags & ApplicationInfo.FLAG_DEBUGGABLE;

Technical details
android.arch.lifecycle False
net.minidev.asm False False False False
com.nimbusds.jose False False
net.minidev.json False
com.myfloorplan False
io.reactivex False False False
okhttp3 False
javax.annotation False False
com.nimbusds.jwt False False
javax.inject False False False
com.squareup.okhttp False False False
com.wayfindinglib False
org.reactivestreams False False
org.jetbrains.annotations False
org.greenrobot.eventbus False
dagger False False False False False
kotlin False False
okio False
com.bumptech.glide False False False False False
com.journeyapps.barcodescanner False
com.coachmarks.lib False
android.arch.core False
org.objectweb.asm False False
androidx.core.internal False False
androidx.versionedparcelable False
com.jsibbold.zoomage False
de.hdodenhof.circleimageview False False
dev.jci.mwp False
net.jcip.annotations False False False