Learn 3 easy steps to Obfuscate App Logic of Android and iOS applications in order to prevent reverse engineering via static code analysis.
Static Code Analysis is a type of reverse engineering where an attacker attempts to analyze the source code of an iOS or Android application in order to understand what the source code does and how it does it – all without running the app. There are many tools, techniques and methods hackers use to analyze source code and the internal application logic. For example, hackers use freely available tools like Hopper, IDA-Pro, Ghidra (disassemblers) as well as APKTool, Dex2Jar, JD-GUI (decompilers) in order to convert binary code (which is not human-readable) back into assembly code or original source code (which is human-readable) – all for the purpose of understanding the functionality of the code or to trace the logical execution path of the code (for instance by building a call-graph).
Code obfuscation is the act of deliberately obscuring the code of a mobile application in order to make it extremely difficult for humans to understand, and/or to defeat reverse engineering tools like decompilers and disassemblers. Obfuscation completely alters the code without impacting the functionality.
While there are many different methods and techniques to obfuscate mobile application code, Obfuscating App Logic is an effective way of preventing attackers from using static code analysis to understand the application’s logical flow, especially when combined with other obfuscation techniques such as binary code obfuscation and application shielding.
Obfuscate App Logic is one of the obfuscation methods available as part of Appdome’s TOTALCode Obfuscation solution. When customers enable Obfuscate App Logic, all application logic classes and methods will be obfuscated and renamed to random strings. Appdome automatically keeps open-source libraries non-obfuscated. When combined with string encryption and Strip Debug Information, understanding what the code does is very difficult and impractical.
When you enable Appdome’s Obfuscate App Logic feature, the following protections are included automatically:
In addition, unlike 3rd party obfuscation solutions, Appdome handles Reflections and function names that are being called through JNI up-calls (from C/C++ to Java/Kotlin) and down-calls (from Java/Kotlin to C/C++).
The classes and methods are obfuscated in the crashes and stack traces, so an attacker will not be able to understand the names even if a crash is triggered.
Optionally, to facilitate debugging, a mapping file can be downloaded in order to de-obfuscate the crashes, logs, etc.
To download the mapping file, click the ‘Build History’ button. In the ‘App Workflow Summary’, if the app was built with Obfuscate App Logic, you will see a button for “Download Obfuscation Mapping Files”. This will download a zip file with two files:
Note: The mapping zip file can also be downloaded via Appdome’s REST API using https://fusion.appdome.com/api/v1/tasks/<task_id>/output?action=deobfuscation_script
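The renaming and mapping-file workflow described above, sketched as an added example (not Appdome’s code or its mapping file format): app classes and methods get random names, library prefixes stay readable, and the saved mapping restores the original names in a crash trace. The package names, keep-list and trace are constructed, and the `Class.method` mapping layout is an assumption.

```python
import re
import secrets

# Constructed sample: class -> methods. Package names and the keep-list
# are assumptions for this illustration, not values from Appdome.
APP_SYMBOLS = {
    "com.example.bank.LoginManager": ["verifyPin", "refreshToken"],
    "com.example.bank.TransferService": ["submitTransfer"],
    "okhttp3.OkHttpClient": ["newCall"],  # open-source library, left readable
}
KEEP_PREFIXES = ("okhttp3.", "androidx.")
# Constructed crash trace as it would look before obfuscation.
SAMPLE_TRACE = (
    "java.lang.IllegalStateException: pin check failed\n"
    "\tat com.example.bank.LoginManager.verifyPin(Unknown Source)\n"
    "\tat com.example.bank.TransferService.submitTransfer(Unknown Source)\n"
    "\tat okhttp3.OkHttpClient.newCall(OkHttpClient.kt)\n"
)

def random_name(used):
    """Return an unused random identifier that starts with a letter."""
    while True:
        name = "a" + secrets.token_hex(3)
        if name not in used:
            used.add(name)
            return name

def build_mapping(symbols, keep_prefixes=KEEP_PREFIXES):
    """Map original 'Class.method' to obfuscated names, skipping kept libraries."""
    used, mapping = set(), {}
    for cls, methods in symbols.items():
        if cls.startswith(keep_prefixes):
            continue  # library code keeps its real names
        new_cls = random_name(used)
        for method in methods:
            mapping[f"{cls}.{method}"] = f"{new_cls}.{random_name(used)}"
    return mapping

def rewrite_trace(trace, table):
    """Rewrite each 'at <frame>(' entry found in table; other frames pass through."""
    return re.sub(r"(?<=\bat )([\w.$]+)(?=\()",
                  lambda m: table.get(m.group(1), m.group(1)), trace)

def deobfuscate(trace, mapping):
    """Invert the mapping to restore original names in a crash trace."""
    return rewrite_trace(trace, {obf: orig for orig, obf in mapping.items()})
```

Calling `rewrite_trace(SAMPLE_TRACE, build_mapping(APP_SYMBOLS))` produces the trace as it would appear in the field; only someone holding the mapping can run `deobfuscate` on it.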
Please follow these 3 easy steps to Obfuscate App Logic of iOS and Android apps to prevent attackers from understanding the application’s control flows via static code analysis.
Congratulations! Your mobile application’s logic is now obfuscated.
Appdome’s no-code mobile app security platform offers mobile developers, DevSec and security professionals a convenient and reliable way to Obfuscate App Logic. When an Appdome user clicks “Build My App,” Appdome leverages a microservice architecture filled with 1000s of security plugins, and an adaptive code generation engine that matches the correct required plugins to the development environment, frameworks, and methods in each app.
Here’s what you need to build secured apps with Obfuscate App Logic
After successfully securing your app using Appdome, there are several available options to complete your project, depending on your app lifecycle or workflow. These include:
Or, see this quick reference Releasing Secured Android & iOS Apps built on Appdome.
If you have any questions, please send them our way at firstname.lastname@example.org or via the chat window on the Appdome platform.