Info Obfuscated methods


Obfuscation refers to methods to obscure code and make it hard to understand. Compiled Java classes can be decompiled if there is no obfuscation during compilation step.

Adversaries can steal code and repurpose it and sell it in a new application or create a malicious fake application based on the initial one.

Code obfuscation only slows the attacker from reverse engineering but does not make it impossible.


Design the application to add the following protections and slow reverse engineering of the application:

  • Obfuscate Java source code with tools like Proguard or Dexguard
  • buildTypes {
            release {
                minifyEnabled true
                proguardFiles getDefaultProguardFile('proguard-android.txt'),
  • Verification application signing certificate during runtime by checking context.getPackageManager().signature
  • Check application installer to ensure it matches the Android Market by calling context.getPackageManager().getInstallerPackageName
  • Check running environment at runtime
  • private static String getSystemProperty(String name) throws Exception {
        Class systemPropertyClazz = Class.forName("android.os.SystemProperties");
        return (String) systemPropertyClazz.getMethod("get", new Class[] { String.class }).invoke(systemPropertyClazz, new Object[] { name });
    public static boolean checkEmulator() {
        try {
            boolean goldfish = getSystemProperty("ro.hardware").contains("goldfish");
            boolean qemu = getSystemProperty("ro.kernel.qemu").length() > 0;
            boolean sdk = getSystemProperty("ro.product.model").equals("sdk");
            if (qemu || goldfish || sdk) {
                return true;
        } catch (Exception e) {
        return false;
  • Check debug flag at runtime
  • context.getApplicationInfo().applicationInfo.flags & ApplicationInfo.FLAG_DEBUGGABLE;

Technical details
PackageObfuscated False
javax.mail False
javax.annotation False
com.bumptech.glide False
com.jakewharton.disklrucache False
okhttp3 False
butterknife False False
de.hdodenhof.circleimageview False
io.socket.yeast False False
rx False False
com.victor.loading False False
com.squareup.picasso False
com.wonderkiln.blurkit False
io.socket.utf8 False True
io.socket.client False
com.zendesk.util False
zendesk.core False False
com.zendesk.logger False False
android.databinding False
com.mikhaellopez.circularimageview False
com.xw.repo False
com.zendesk.belvedere False
retrofit2 False
com.philliphsu.numberpadtimepicker False
org.jetbrains.annotations False False
com.hypertrack.hyperlog False
com.poovam.pinedittextfield False
com.zendesk.collection False
com.xiaochencode.percentprogressbar False
pl.droidsonroids.gif False
io.socket.backo False
com.zendesk.service False
com.example.crystalrangeseekbar False
io.socket.thread False
kotlin False False
com.lnikkila.extendedtouchview False False
io.socket.parseqs False False False False False
com.zendesk.sdk False
javax.activation False
javax.inject False
com.zendesk.func False
myjava.awt.datatransfer False
com.allenliu.badgeview False False True
io.socket.parser False
okio False False
com.jakewharton.picasso False
zendesk.suas False False
io.socket.hasbinary False
io.socket.emitter False True
dagger False False
zendesk.belvedere False
com.jjoe64.graphview False