Info Obfuscated methods

Description

Obfuscation refers to methods to obscure code and make it hard to understand. Compiled Java classes can be decompiled if there is no obfuscation during compilation step.

Adversaries can steal code and repurpose it and sell it in a new application or create a malicious fake application based on the initial one.

Code obfuscation only slows the attacker from reverse engineering but does not make it impossible.

Recommendation

Design the application to add the following protections and slow reverse engineering of the application:

  • Obfuscate Java source code with tools like Proguard or Dexguard
  • buildTypes {
            release {
                minifyEnabled true
                proguardFiles getDefaultProguardFile('proguard-android.txt'),
                'proguard-rules.pro'
            }
        }
  • Verification application signing certificate during runtime by checking context.getPackageManager().signature
  • Check application installer to ensure it matches the Android Market by calling context.getPackageManager().getInstallerPackageName
  • Check running environment at runtime
  • private static String getSystemProperty(String name) throws Exception {
        Class systemPropertyClazz = Class.forName("android.os.SystemProperties");
        return (String) systemPropertyClazz.getMethod("get", new Class[] { String.class }).invoke(systemPropertyClazz, new Object[] { name });
    }
    
    public static boolean checkEmulator() {
    
        try {
            boolean goldfish = getSystemProperty("ro.hardware").contains("goldfish");
            boolean qemu = getSystemProperty("ro.kernel.qemu").length() > 0;
            boolean sdk = getSystemProperty("ro.product.model").equals("sdk");
    
            if (qemu || goldfish || sdk) {
                return true;
            }
    
        } catch (Exception e) {
        }
    
        return false;
      }
  • Check debug flag at runtime
  • context.getApplicationInfo().applicationInfo.flags & ApplicationInfo.FLAG_DEBUGGABLE;

Technical details
PackageObfuscated
de.slackspace.openkeepass True
com.nimbusds.jwt True
com.crashlytics.android False
com.google.gson True
com.airbnb.lottie True
com.sophos.jsceplib True
com.sophos.keepasseditor True
net.minidev.asm True
org.jscep.client True
com.sophos.analytics True
android.support.transition True
com.sophos.jbase True
com.sophos.nge True
org.jscep.transaction True
android.arch.lifecycle True
com.squareup.okhttp False
org.simpleframework.xml False
android.security False
a.a.a True
org.a.a True
org.jscep.transport True
org.spongycastle False
com.squareup.leakcanary False
com.sophos.smsec True
androidx.media False
com.mikhaellopez.circularprogressbar True
org.tensorflow True
com.nimbusds.jose True
android.support.v4 False
org.jscep.message True
androidx.versionedparcelable True
com.google.protobuf True
com.sophos.otp True
android.support.d True
org.jscep.a True
com.google.zxing True
com.sophos.communication False
me.a.a True
com.sophos.savi False
com.sophos.appprotectengine True
android.support.b True
com.sophos.sxl4 True
com.google.firebase True
org.jsoup False
com.sophos.simplesxl31 True
okio True
android.support.constraint True
com.brandongogetap.stickyheaders True
android.support.a True
net.minidev.json True
com.sophos.appprotectionmonitorlib True