How to Obfuscate Mobile Apps & Prevent Reverse Engineering
Learn 3 Easy Steps to Obfuscate Mobile Apps & Prevent Reverse Engineering. Obfuscate Native iOS and Android Code and Libraries – No coding, No SDK.
In recent years, decompilers have reached a maturity level that allows recovering source code from mobile apps easily. You should obfuscate mobile apps as part of a first line of defense against reverse engineering attempts by hackers. What sets various obfuscation solutions apart is several things: (1) Ease of use (specialized compilers to post-build tools), (2) Performance (some obfuscation methods might impose a performance penalty), and (3) the reference threat level (expertise and time needed to break the defense).
Learn the 3 Easy Steps to Obfuscate Mobile Apps & Prevent Reverse Engineering. No Code, No SDK.
We hope you find this knowledge base useful and enjoy using Appdome!
Binary Code Obfuscation on iOS
In iOS, the application’s executable (see the structure of iOS applications) manifests as binary code. To make it unparsable by reverse engineering tools, Appdome shuffles the code around. This way, when the reverse engineering tool attempts to determine the target of a reference (for example, the target of a function call), it will appear as though it points to some arbitrary location.
On a large scale, this renders the code completely unintelligible. However, there is a prerequisite: the application must contain enough binary code to make the shuffling effective. Appdome will analyze the uploaded application to determine whether it meets the prerequisite requirements. Rest assured, most real-world applications fit the threshold. If however, your application is too small, we suggest you take advantage of Appdome Flow Relocation as an alternative.
Binary Code Obfuscation on Android
In Android, shared-libraries constitute the native-code part of the application (see the structure of Android applications).
Appdome takes advantage of the loading mechanism of shared libraries in Android and modifies it so encrypted libraries can be loaded. Then, when you integrate Binary Code Obfuscation, the native libraries that come with the application get encrypted using a unique key.
When an attacker attempts to open the protected libraries in a reverse engineering tool (such as IDA-Pro or Hopper), the applications will fail at recognizing the file as binary code.
Favor App’s Size
Obfuscation decreases the efficiency of compression algorithms, so obfuscating all the code in the app may increase its filesize significantly. You can enable Favor App’s Size, to keep publically available element unobfuscated and decrease the size of the build app.
The libraries that will remain unobfuscated, with this switch enabled are:
Open Source Libraries:
|libopencv_imgproc.so, libopencv_core.so, libopencv_java3.so||https://opencv.org|
Obfuscate Xamarin Libraries
libmonodroid.so, libmono-btls-shared.so, libmonosgen-2.0.so, libe_sqlite3.so, libmono-native.so, libxamarin-app.so
Obfuscate React Native Apps
libfb.so, libfolly_json.so, libglog.so, libglog_init.so, libgnustl_shared.so, libicu_common.so, libimagepipeline.so, libjsc.so, libprivatedata.so, libreactnativejni.so, libyoga.so. libc++_shared.so
Obfuscate Unity Apps
libunity.so, libil2cpp.so, libcri_ware_unity.so, libgpg.so
Obfuscate Cordova Apps
libxwalkcore.so, libxwalkdummy.so, libsqlcipher.so
IMPORTANT: Some applications which come with anti-tampering might clash with Appdome’s binary code obfuscation. Read this article to learn about Appdome’s own Anti-Tampering functionality.
About Binary Code Obfuscation with Appdome
Appdome is a no-code mobile app security platform designed to add security features, like native code obfuscation to Android and iOS apps without coding. This KB shows mobile developers, DevSec and security professionals how to use Appdome’s simple ‘click to build’ user interface to quickly and easily prevent reverse engineering iOS and Android apps.
3 Easy Steps to Obfuscate Mobile Apps & Prevent Reverse Engineering
Please follow these 3 easy steps to add native code obfuscation to Android and iOS apps.
- Upload an Android or iOS App to Appdome’s no code security platform (.apk, .aab, or .ipa)
- In the Build Tab, under Security, from within TOTALCode™ Obfuscation, enable Binary Code Obfuscation. (shown below)
- Click Build My App
Appdome’s no-code mobile app security platform offers mobile developers, DevSec and security professionals a convenient and reliable way to protect Android and iOS apps with native code obfuscation. When an Appdome user clicks “Build My App,” Appdome leverages a microservice architecture filled with 1000s of security plugins, and an adaptive code generation engine that matches the correct required plugins to the development environment, frameworks, and methods in each app.
Congratulations! The build is now complete and the app is protected with native code obfuscation.
No Coding Dependency
How to Sign & Publish Secured Mobile Apps Built on Appdome
After successfully securing your app using Appdome, there are several available options to complete your project, depending on your app lifecycle or workflow. These include:
- Signing Secure iOS and Android apps
- Customizing, Configuring & Branding Secure Mobile Apps
- Deploying/Publishing Secure mobile apps to Public or Private app stores
Or, see this quick reference Releasing Secured Android & iOS Apps built on Appdome.
How To Learn More
Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.