Info Obfuscated methods

Description

Obfuscation refers to methods that obscure code and make it hard to understand. Compiled Java classes can be decompiled if no obfuscation is applied during the compilation step.

Adversaries can steal code, repurpose it and sell it in a new application, or create a malicious fake application based on the original one.

Code obfuscation only slows an attacker's reverse engineering; it does not make it impossible.

Recommendation

Design the application to add the following protections and slow reverse engineering of the application:

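  • Obfuscate Java source code with tools like ProGuard or DexGuard:
        android {
            buildTypes {
                release {
                    // Enable code shrinking and obfuscation for release builds
                    minifyEnabled true
                    // Default Android rules plus the project's own rules file
                    proguardFiles getDefaultProguardFile('proguard-android.txt'),
                            'proguard-rules.pro'
                }
            }
        }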
  • Verify the application signing certificate at runtime by checking context.getPackageManager().getPackageInfo(context.getPackageName(), PackageManager.GET_SIGNATURES).signatures
  • Check the application installer to ensure it matches the Android Market by calling context.getPackageManager().getInstallerPackageName
  • Check the running environment at runtime:
        // Read a system property via the hidden android.os.SystemProperties class.
        private static String getSystemProperty(String name) throws Exception {
            Class<?> systemPropertyClazz = Class.forName("android.os.SystemProperties");
            // get(String) is static, so no receiver instance is needed
            return (String) systemPropertyClazz.getMethod("get", String.class).invoke(null, name);
        }

        // Returns true when the system properties match a known emulator.
        public static boolean checkEmulator() {
            try {
                boolean goldfish = getSystemProperty("ro.hardware").contains("goldfish");
                boolean qemu = getSystemProperty("ro.kernel.qemu").length() > 0;
                boolean sdk = getSystemProperty("ro.product.model").equals("sdk");
                return qemu || goldfish || sdk;
            } catch (Exception e) {
                // Property lookup failed: treat the device as not an emulator
                return false;
            }
        }
  • Check the debug flag at runtime:
        boolean debuggable = (context.getApplicationInfo().flags & ApplicationInfo.FLAG_DEBUGGABLE) != 0;

Technical details
Package Obfuscated
io.reactivex False
freemarker.ext.beans False
io.indoorlocation.core False
io.codetail.view False
androidx.sqlite.db False
com.eralp.circleprogressview False
freemarker.cache False
org.threeten.bp False
freemarker.ext.xml False
androidx.core False
com.nineoldandroids.util False
com.makeramen.roundedimageview False
com.bumptech.glide False
androidx.legacy.app False
com.airbnb.lottie False
ezvcard False
com.nineoldandroids.view False
androidx.lifecycle False
androidx.appcompat False
com.jakewharton.rxrelay2 False
freemarker.ext.dom False
freemarker.ext.jython False
androidx.loader False
org.reactivestreams False
com.squareup.okhttp False
androidx.constraintlayout.solver False
com.rengwuxian.materialedittext False
freemarker.ext.jdom False
androidx.legacy.v13 False
com.caverock.androidsvg False
dagger False
androidx.legacy.widget False
kotlin False
okio False
net.sourceforge.zbar False
androidx.recyclerview False
androidx.media False
com.mapbox.services False
org.opencv False
com.daimajia.numberprogressbar False
com.gigamole.library False
com.google.gson False
com.flipboard.bottomsheet False
com.apollographql.apollo False
androidx.navigation False
org.slf4j False
lsdka True
com.google.firebase True
com.timehop.stickyheadersrecyclerview False
freemarker.ext.rhino False
androidx.legacy.view False
com.airbnb.deeplinkdispatch False
com.github.jorgecastilloprz False
com.ryanbrooks.expandablerecyclerview False
androidx.collection False
androidx.swiperefreshlayout False
androidx.legacy.coreutils False
com.layer.lsdka True
androidx.fragment False
com.eftimoff.androipathview False
freemarker.template False
com.nineoldandroids.animation False
androidx.drawerlayout False
androidx.localbroadcastmanager False
androidx.customview False
com.tokenautocomplete False
com.mapzen.lost False
okhttp3 False
com.getkeepsafe.relinker False
com.lsdka.lsdka True
com.mapbox.geojson False
rx False
com.layer.sdk True
flipboard.bottomsheet False
org.jsoup False
androidx.room False
freemarker.ext.servlet False
androidx.renderscript False
org.jetbrains.annotations False
de.hdodenhof.circleimageview False
com.miguelcatalan.materialsearchview False
com.facebook.shimmer False
com.arasthel.asyncjob False
io.mapwize.mapwizeformapbox True
com.bvapp.arcmenulibrary False
androidx.documentfile False
androidx.cardview False
com.eftimoff.mylibrary False
javax.inject False
androidx.coordinatorlayout False
io.realm False
io.codetail.animation False
pl.tajchert.nammu False
com.mapbox.mapboxsdk False
freemarker.ext.ant False
freemarker.debug False
net.simonvt.menudrawer False
com.stfalcon.chatkit False
q.rorbin.badgeview False
androidx.legacy.content False
javax.annotation False
com.firebase.jobdispatcher False
org.apache.http False
androidx.interpolator False
com.jakewharton.threetenabp False
com.ragnarok.rxcamera False
androidx.cursoradapter False
com.jakewharton.rxbinding2 False
com.squareup.picasso False
freemarker.ext.util False
pl.droidsonroids.gif False
freemarker.core False
timber.log False
com.daimajia.easing False
me.saket.bettermovementmethod False
androidx.constraintlayout.widget False
freemarker.ext.jsp False
com.mixpanel.android False
androidx.arch.core False
androidx.print False
com.ittianyu.bottomnavigationviewex False
com.turingtechnologies.materialscrollbar False
jp.wasabeef.recyclerview False
net.opacapp.multilinecollapsingtoolbar False
com.bartoszlipinski.viewpropertyobjectanimator False
androidx.slidingpanelayout False
androidx.viewpager False
androidx.legacy.coreui False
freemarker.log False
com.franmontiel.persistentcookiejar False
androidx.annotation False
androidx.vectordrawable False
retrofit2 False
androidx.legacy.v4 False
androidx.transition False
androidx.versionedparcelable False
com.crashlytics.android False
com.codewaves.stickyheadergrid False
lsdkb.lsdka.lsdka True
androidx.asynclayoutinflater False
io.codetail.widget False