Welcome to No-Code Mobile Integration     Advanced App Shielding     Obfuscating Mobile Apps

Obfuscating Mobile Apps

Appdome is a no-code mobile integration platform as a service (iPaaS), supporting a wide variety of implementations for Android and iOS apps.

This Knowledge Base article summaries how obfuscating mobile apps on Appdome is super easy with TOTALCode™ Obfuscation.

About Obfuscation

In recent years, decompilers have reached a maturity level that allows recovering source code back from mobile app with ease. Obfuscation has become a well established preventive measure developers use against static reverse engineering attempts.

What sets various obfuscation solutions apart is several things:

  1. Ease of use
    This can range from using specialized compilers to post-build tools.
  2. Performance
    Some obfuscation methods might incur a performance penalty while other do not impact performance at all.
  3. Reference threat level
    Since eventually all defenses can be broken, what indicates how good a defense is the amount of work, expertise and time expected to break the defense.

To understand what TOTALCode™ Obfuscation means, we must understand two things:

  1. What does code mean in the context of an application?
  2. What is obfuscation?

Both answers should be such, that the result of making the application harder to reverse-engineer/attack is the most effective.

What is Code?

Code is any form of information that executes business logic.

So for example, the part of a navigation application that computes the faster route between two points is code. In this example, this is a part of the application that’s inherent to its function. You might say that this is what makes your application stand out between all other navigation applications. And as such, you might want to protect that code.

Another example would be a banking application, where the code is in charge for assembling the correct requests to the bank’s servers in order to request a list of all transactions.

For different platforms, and in different circumstances, what we just defined as code will be contained in different forms in the application.

Code location in iOS apps
  1. Part of the application executable if it is a native application (C/C++/Objective-C/Swift)
  2. Javascript code for Cordova or React-Native applications (Javascript/CSS/HTML)
  3. DLL files for Xamarin applications (C#)
Code location in Android apps:
  1. DEX files for compiled Java code (Java/Kotlin)
  2. Native code (C/C++)
  3. Javascript code
  4. DLL files (C#)

What is Obfuscation?

Obfuscation is the process of taking code, and transforming it in such a way that it is harder for an attacker to understand, but still functions correctly.

Common techniques range from things as complex as changing the build tools to emit convoluted machine code to modifying names/labels in the code to make them lose their meaning for human eyes.

However, not all forms of obfuscation are adequate to all types of code.

For example, modifying names and eliminating format in Javascript code (a process called minification) is not extremely effective as the code basically remains a text file and there exist tools today that can easily reverse the process.

Encrypting Javascript/DLL will be more effective. Of course, this requires a mechanism that would still allow encrypted files to function.

Alternatively, compile-time obfuscation is meaningless for an executable that already exists.

Applying Appdome’s binary code obfuscation will be more effective.

Appdome’s TOTALCode™ Obfuscation is intelligent and capable enough to match the correct form of obfuscation to the type of code that needs obfuscation.

Obfuscating Mobile Apps using TOTALCode Obfuscation

Follow these step-by-step instructions for obfuscating mobile apps by adding TOTALCode Obfuscation to Any Mobile App:

Upload a Mobile App to Your Account

Please follow these steps to add a mobile app to your Appdome account.
If you don’t have an Appdome account, click here to create an account.

From the Build tab, choose the Security tab

  • Binary Code Obfuscation
    Obfuscating mobile apps, modifies the application’s binary code to make it unrecognizable by reverse-engineering tools.
  • Flow Relocation
    Modify the application’s compiled code by hiding the logical flow of the code to make reverse engineering an arduous task while keeping the same functionality of the original app.
  • Non-Native Code Obfuscation
    For applications that were developed using a non-native framework such as React-Native, Cordova or Xamarin, obfuscate the non-native code.
  • Strip Debug Information
    Eliminate all descriptive information from the application’s binaries. This information usually includes identifiers (variable and function names) and source code names/line numbers.
    Such information generally gets leftover from the build process of the application.
  • Encrypt Strings and Resources
    Every application contains (embedded in its code) various string constants such as URLs, tokens, names of files and so forth. These are a lucrative target for attackers as it gives them a very firm foot-hold on what a specific piece of code is responsible for, not to mention that some strings are valuable information in the own right (such as authentication tokens).
    Appdome located those strings and additional resources, encrypts them, and makes sure they can only be accessed by the application itself. Naturally, if the application has been tampered with, Appdome will not allow access to those strings, thereby foiling attack attempts.

After Obfuscating Mobile Apps on Appdome

After you have added TOTALCode to any Mobile App on Appdome, there are a few additional steps needed to complete your mobile integration project.

Add Context™ to the Appdome-Built App

Appdome is a full-featured mobile integration platform. Within Context™, Appdome users can brand the app, including adding a favicon to denote the new service added to the app.
For more information on the range of options available in Context™, please read this knowledge base article.

Sign the TOTALCode protected Appdome-Built App (Required)

In order to deploy an Appdome-Built app, it must be signed. Signing iOS app and Signing an Android app are easy using Appdome. Alternatively, you can use Private Signing, download your unsigned app and sign locally using your own signing methods.

Deploy the Appdome-Built App to a Mobile Device

Once you have signed your Appdome-Built app, you can download to deploy it using your distribution method of choice. For more information on deploying your Appdome-Built apps, please read this knowledge base.

That is it. You’ve seen how easy it is to start obfuscating mobile apps.

How Do I Learn More?

If you are interested in obfuscating mobile apps, we suggest checking out ONEShield.

Also, we have a brochure on TOTALCode obfuscation.

If you have any questions, please send them our way at support@appdome.com or via the chat window on the Appdome platform.

Thank you!

Thanks for visiting Appdome! Our mission is to make mobile integration easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.

Obfuscation , Security , Total Code Obfuscation , TOTALCode Obfuscation
Last updated byLiron Dror

Content

Accelerating App Lifecycles
Adding Context to Apps
Adjusting App Configuration On Appdome
Customize Mobile App Branding and More Without Coding
App Publisher Service
Viewing Published Apps in the App Library Dashboard - ISV Resource
Become a Publisher on Appdome App Library
Collaborate on App Development Using Appdome's App Library
Updating Apps Listed in Appdome Library - ISV Resource
Appdome For Teams
Enforce Your Organization Naming Policy on Fusion Set Templates
Collaborating safely using Team Leaders and Members
Sharing Fused Builds with Other Teams
Collaborate using Appdome for Teams
Enforce Organization Domain Verification On Appdome Teams
Adding Team Members with Entitlements and Roles from CSV
Using Entitlements to Collaborate on Mobile Integration Projects
Automatic App Distribution
Automatically Distribute Enterprise Apps to MobileIron Store
Automatically Deploying Mobile Apps From Appdome
Automatically Distribute Apps to Google Play Store
Automatically Distribute Enterprise Apps to Intune Store
Automatically Distribute Enterprise Apps to Maas360 Store
Automatically Distribute Apps to Apple App Store
Automatically Distribute Enterprise Apps to Workspace ONE UEM AirWatch
Fusing with Appdome-DEV
Automate Single Tasks using the Appdome-DEV REST API
Using Appdome-DEV to Automate Mobile App Integration
Auto-DEV Private Signing Android Apps
Auto-Dev Private Signing iOS Apps
What is Appdome-DEV
Using Appdome-DEV Build-to-Publish REST API
Using Appdome-DEV API Over Postman with an API Requests Collection
Fusing with Appdome-GO
Enforce Your Organization Naming Policy on Fusion Set Templates
What Is the Appdome App Workflow Summary
Sharing Fusion Sets with Other Teams
Analytics and Logs Available On the Appdome Platform
Sharing Templates Using Appdome-GO
Using Mobile Integration Templates with Apps
Locking your Fusion set to prevent changes
What Is Appdome-GO
Fusion on Appdome Platform
Comparing Appdome's Fusion with App Wrapping
Validating Integrity of Mobile Apps Prior to Integrating Features, SDKs and APIs
Using Mobile Integration Templates with Apps
How to Build Services in Apps on Appdome - End to End
Building a Secure Progressive Web App (PWA) on Appdome
Signing Apps
Using Appdome to Validate App Signing
Auto-Dev Private Signing iOS Apps
How to Sign Built Apps On Appdome
Signing iOS Apps on Appdome
Signing Android Apps on Appdome
Creating an iOS Distribution Certificate and P12 File for Signing iOS Apps
Signing iOS Apps Locally
Jabber Requirements for Third Party Integration
Enabling Apple WatchKit Support During Signing
How To Sign Android Apps Locally
Extracting a SHA-1 or SHA-256 Fingerprint from the Google Play Signing Certificate
Auto-DEV Private Signing Android Apps
Advanced App Shielding
Verify Lookout Mobile Security is installed and actively detecting threats on the device
Encrypting Sensitive Strings .xml Values In Android Apps
OneShield
De-obfuscating iOS crash reports
Encrypting In-App Preferences in a Mobile App
Encrypting Strings and Resources of a Mobile Application
Add Tamper Prevention to any Mobile App Fast
Verifying the Integrity of a Mobile Application
How Appdome Can Encrypt Specific Strings in Your iOS App
Add Debug Prevention to any Mobile App Fast
Protecting a Mobile Application from Reverse Engineering
Protecting and Hardening Mobile Apps With Anti-Tampering, Anti-Debugging, and More...
Block Common Cheat Engines From Hacking To Any Mobile Application
Block Frida Dynamic Instrumentation From Hacking To Any Mobile Application
TOTALCode Obfuscation
Obfuscating Non-Native Mobile Apps Without Re-Writing Code
How to Strip Debug Information From a Mobile App
Add Mobile App Binary Code Obfuscation Fast
No-Code Control-Flow Relocation in Mobile Apps
Obfuscating Mobile Apps
About ObfuscationWhat is Code?Code location in iOS appsCode location in Android apps:What is Obfuscation?Obfuscating Mobile Apps using TOTALCode ObfuscationUpload a Mobile App to Your AccountFrom the Build tab, choose the Security tabAfter Obfuscating Mobile Apps on AppdomeAdd Context™ to the Appdome-Built AppSign the TOTALCode protected Appdome-Built App (Required)Deploy the Appdome-Built App to a Mobile DeviceHow Do I Learn More?Thank you!
App Makers and App Publishers
Updating Apps Listed in Appdome Library - ISV Resource
Auto-Dev Private Signing iOS Apps
Become a Publisher on Appdome App Library
Auto-DEV Private Signing Android Apps
Collaborate on App Development Using Appdome's App Library
Viewing Published Apps in the App Library Dashboard - ISV Resource
Integrating Commercial ISV Apps
Using Appdome to Fuse Mobile Services to Commercial ISV Apps
Appdome REST API
Using Appdome-DEV Build-to-Publish REST API
Accessing Teams' Information and Audit Logs Using Appdome's REST API
Automate Single Tasks using the Appdome-DEV REST API
Appdome REST API
Using Appdome-DEV API Over Postman with an API Requests Collection
Enterprise Access and Connectivity
Mobile Access and MicroVPN Profiles
Add Microsoft Azure AD Application Proxy Accessibility to Any Mobile App Fast
F5 APM with Azure AD
Enable Android and iOS Apps with Secure Access to Corporate Resources
Adding MicroVPN to Mobile Applications - No Coding Required
Add SCEP with Microsoft Intune to Mobile Apps for Authenticating Secure Connections
Add MiTM Prevention and MicroVPN to Any Mobile App Fast
Private Server Certificates and Authorities
Using Favor Certificate Pinning
Supporting Proxy PAC inside Mobile Apps
Add Private Server Certificates and Authorities to Any App
Using Per-App VPN Routing
How to Change a Mobile App's User Agent - No Coding Required
Enterprise Mobility
The Difference Between Managed (MAM) and BYOD (EMM/Appdome Security) When Preventing Screenshots and Copy/Paste
Appdome Mobility Suite
Add Ability to Use In-App Messages Only to Any Mobile App Fast
Add Ability to Prohibit Camera to Any Mobile App Fast
Protect Mobile Privacy and Data using Appdome
Add Ability to Prohibit Microphone to Any Mobile App Fast
No-Code Integration of Microsoft Intune App SDK Into Mobile Apps
Add Ability to Prohibit Location to Any Mobile App Fast
Add Ability to Prevent App Screen Sharing to Any Mobile App Fast
Route Your App AVPlayer Media and Video Streaming via the EMM Tunneling
Add Appdome Adaptive App Routing to Any Mobile App Fast
Webview Consolidation for High Performance EMM Tunneling
Add Any EMM Dynamic Container to Any Mobile App Fast
Customize and Extend EMM and MAM SDK Implementations
How to Extend EMM Copy-Paste Prevention to Trusted Mobile Apps
Enable ONE-AppConfig Capabilities for your Apps
Mobile Permission Control
What is EMM Authenticated Tunnel
Add Ability to Prohibit Local Contacts to Any Mobile App Fast
Add Ability to Prohibit Local Calendar to Any Mobile App Fast
Add Ability to Use In-App Calls Only to Any Mobile App Fast
Integrate Apps with BlackBerry Dynamics (Good) SDK
Add BlackBerry Dynamics Authenticated Tunnel to Any Mobile App Fast
No-Code Integration of BlackBerry Dynamics SDK and BlackBerry Launcher Into Mobile Apps
Deploy Mobile Apps Integrated with the BlackBerry SDK to BlackBerry Control (Good Control)
ONE-AppConfig Integration Setup with BlackBerry
BlackBerry Dynamics Entitlement ID and Version Best Practices
Integrating Mattermost with BlackBerry Dynamics Without Coding End-toEnd
Deploy Mobile Apps integrated with BlackBerry SDK to BlackBerry UEM
Enabling Data Leakage Prevention (DLP) with BlackBerry Dynamics SDK
How to Add Fused Apps to BlackBerry Launcher
Integration of BlackBerry Dynamics SDK into Mobile Apps
Integrate an App with Custom EMM Policies and Populate Policies Settings in AppConfig
Integrate Apps with IBM Maas360 SDK
Deploy Mobile Apps Integrated with the IBM MaaS360 SDK
Automatically Distribute Enterprise Apps to Maas360 Store
No-Code Integration of IBM MaaS360 SDK Into Mobile Apps
Using IBM Security Access Manager ISAM for Web WebSEAL with Android and iOS Apps using Appdome MicroVPN
Integrate Apps with Microsoft Intune SDK
Deploy Mobile Apps Integrated with the Microsoft Intune SDK
No-Code Integration of Microsoft Intune App SDK Into Mobile Apps
Add Microsoft Intune and MicroVPN Into Mobile Apps
Automatically Distribute Enterprise Apps to Intune Store
No-Code Integration of Microsoft's Secure Browser, Email and Document Sharing Into Mobile Apps
Integrate Apps with MobileIron SDK
Automatically Distribute Enterprise Apps to MobileIron Store
ONE-AppConfig Integration Setup with MobileIron Core and Cloud
Verifying that a Certificate Is Trusted by MobileIron Sentry
Use Appdome to Integrate a Mobile App with the Mobilelron AppConnect SDK
Deploy Mobile Apps Integrated with the MobileIron SDK
Integrate Apps with VMWare Workspace ONE (AirWatch)
Setting Up VMWare Workspace ONE (AirWatch) for Built Enterprise Apps
No-Code Integration of VMware Workspace ONE (AirWatch) SDK Into Mobile Apps
Deploying Mobile Apps Fused with the VMWare Workspace ONE (AirWatch) SDK
ONE-AppConfig Integration Setup with VMWare Workspace ONE (AirWatch)
Mobile Permissions Control
Add Ability to Use In-App Calls Only to Any Mobile App Fast
Add Ability to Prohibit Local Contacts to Any Mobile App Fast
Add Ability to Prohibit Local Calendar to Any Mobile App Fast
Add Ability to Prohibit Microphone to Any Mobile App Fast
Add Ability to Use In-App Messages Only to Any Mobile App Fast
Add Ability to Prohibit Location to Any Mobile App Fast
Add Ability to Prohibit Camera to Any Mobile App Fast
SecurePWA™
Building a Secure Progressive Web App (PWA) on Appdome
Use BoostEMM connect additional and new EMM services
No-Code Integration of Microsoft Intune App SDK Into Mobile Apps
No-Code Integration of IBM MaaS360 SDK Into Mobile Apps
Using Secure Document Sharing between Trusted Mobile Apps
Improved Enterprise Mobility Experiences with BoostEMM™
No-Code Integration of Microsoft's Secure Browser, Email and Document Sharing Into Mobile Apps
Using Secure Email in Mobile Apps
Using Secure Browsers in Mobile Apps
How Appdome Works
Building a Secure Progressive Web App (PWA) on Appdome
Appdome Account Basics
Appdome Licences
Upgrading Your Appdome Account
The Appdome IDEAL Account
The Appdome EXTEND Account
The Appdome COMPLETE Account
Determining Your Best Appdome Account
Getting Support from Appdome Mobile Integration Platform
Getting Started with Appdome
My Profile
Essentials of Mobile App Integration with SDKs
No-Code Integration of Microsoft Intune App SDK Into Mobile Apps
How does Appdome's no-code mobile solutions platform work?
Codeless Automated SDK integration for developers and non-developers
Free Trial for No-Code Mobile SDK Integration
Using Appdome to Integrate Mobile SDKs to any Mobile App
Minimal Requirements and Mobile OS Version Support Policies
Support Policy for Mobile OS, SDK, and Published App Versions
Compatibility and Guidelines to Integrate Services to Mobile Apps
Minimum requirements to use with Appdome
Appdome's Mobile End User Information Monitoring Service
Start Here for the Essentials of Appdome
What is the Appdome platform?
Does Appdome Have An On-Premise iPaaS Service?
Appdome Mobile Integration Workflow
How to Upload My App to Appdome's Mobile Integration Platform
What is Appdome's My Apps?
How to Build Services in Apps on Appdome - End to End
What Is the Appdome Platform?
Appdome's Cloud Infrastructure Overview - Security & Disaster Recovery
Technology Overview
Appdome iPaaS Platform Security
Comparing Appdome's Fusion with App Wrapping
Does Appdome Add Libraries to My App?
Does Appdome Make Changes To Mobile Apps?
What is the Fusion Adapter?
When Should I Fuse Mobile Services to My App?
IPA files – Under the Hood
APK Files - Under the Hood
Mobile App Security
Keep Your Mobile App Photos Private And Protected with Appdome
Prevent Key-Logging
Preventing mobile apps from running on Banned Devices
Add the Appdome Security Suite to Mobile Apps
How to Integrate Enhanced Jailbreak and Root Detection Without Coding
Add Ability to Protect Dynamically Generated Windows to Any Mobile App Fast
Mobile Permission Control
Implementing Secure Download with Appdome Fast
Using FIPS 140-2 Cryptographic Modules in a Mobile App
Adding 'Detect Unknown Sources' to protect mobile apps from harmful content
Jailbreak and Root Protection For My App
Add Ability to Prevent App Screen Sharing to Any Mobile App Fast
Appdome App Integrity and Structure Scan
Add Ability to Use In-App Calls Only to Any Mobile App Fast
Add Ability to Use In-App Messages Only to Any Mobile App Fast
Appdome's Mobile Security Suite
Verify Lookout Mobile Security is installed and actively detecting threats on the device
Data Loss Prevention
Mobile TOTALData Encryption Exceptions and Comments
Store and Encrypt Secrets in Your Mobile Apps' Protected Memory
Building iOS Secured Enclaved Keys Into Your app
Implementing Mobile TOTALData Encryption on Appdome
Implementing Smart Offline Handoff to your app on Appdome fast
Protect Mobile Privacy and Data using Appdome
How to add Copy/Paste Prevention to a mobile app
How to use Smart Media Sharing
Use an External Seed for Data at Rest Encryption in Mobile Apps
Add code packing to Android Mobile Apps with Appdome APPCode Packer
DEV-Events
Configuring Appdome Security Alerts with DEV-Events for Native Apps
How to implement Appdome DEV-Events on your Mobile App
Configuring Appdome Security Alerts with DEV-Events for Cordova Apps
Configuring Appdome Security Alerts with DEV-Events for Kotlin Apps
Configuring Appdome Security Alerts with DEV-Events for React-Native Apps
Configuring Appdome Security Alerts with DEV-Events for Xamarin Apps
Configuring Appdome Security Alerts with DEV-Events for Swift Apps
Secure Communication
Adding URL Whitelisting to a Mobile App
Enforce TLS Cipher-Suites
How to use SecureAPI™
Protect Against Mobile MiTM Attacks and Malicious Proxies
MitM Attack Protection using Appdome Trusted Session
Certificate Signature Hardening
Enforce TLS Version
Enforce Certificate Roles
Add a Unique Shared Secret To Any Mobile App Client requests
TOTALData Encryption
Add code packing to Android Mobile Apps with Appdome APPCode Packer
Mobile Authentication
Appdome for Single Sign-On
How to Build Custom Single Sign-On Workflows inside Android and iOS Apps
Propagating Single-Sign-On Cookies To All Domains
Adding Multiple Authentication Profiles to a Single App
Blocking Malicious Redirect Requests During SSO Authentication
Troubleshooting SSO for Mobile Apps
Adding Modern Authentication (OAuth2) to Mobile Apps
Enabling Mobile Apps to Share Authentication State
Add SSO to Any Mobile App Without Coding
Conditional Cookies
Add ADFS SSO to Any Mobile App Fast
Integrate Apps with F5 APM Single Sign-On
Add F5 APM SSO to Mobile Apps Fast
How to Configure an OAuth 2.0 Server in F5 Big-IP
Integrate Apps with Microsoft Single Sign-On
Add Microsoft ADAL to Any Mobile App Without Coding
How to Register Apps in Microsoft Azure Active Directory
Adding NTLM to Mobile Apps for Authentication to Microsoft Active Directory
Add Microsoft Azure AD SSO to Any Mobile App Fast
Integrate Apps with Okta Single Sign-On
How to Register Applications in Okta Identity Cloud Single Sign-On
Add Okta SSO to Any Mobile App Fast
Integrate Apps with ping Single Sign-On
Add Ping SSO to Any Mobile App Without Code
How to Register Apps in Ping Federate
Mobile Identity 
Appdome for Multi-Factor Authentication
Adding Appdome Biometric-Based Multi-Factor Authentication to Your App
Using Appdome to add MFA to a Mobile App by Fusing Gemalto Mobile PKI SDK to the App
How to Build Custom Multi-Factor Authentication Workflows inside Android and iOS Apps
Nexmo Verify
Nexmo Environment App
Adding DEV-Events™ to your Appdome for Nexmo Verify implementation
Add Nexmo Verify 2FA to any iOS or Android app using Appdome
What's Included When Nexmo Customers Implement The Nexmo Verify MFA on Appdome
OneLogin
Adding OneLogin MFA to Your App
Integrating Your App with Appdome DEV-Events™ and OneLogin MFA Service
PingID
Adding PingID MFA to Your Application
Mobile Threat
Matching Swift Versions when Integrating with F5 Anti-Bot SDK
Integrate Any Mobile App with the F5 Anti-Bot SDK
Troubleshooting F5 Anti-Bot Server Configuration
What's Included When F5 Customers Implement The Anti-Bot SDK on Appdome
Troubleshooting and Tips
Troubleshooting F5 Anti-Bot Server Configuration
Using Appdome-DEV API Over Postman with an API Requests Collection
Tips
What is a UDID and How Can I Obtain My iOS Device’s UDID?
Set Up a Simple Webpage to Deploy iOS Apps
Downloading Mobile Apps From Appdome
Extracting Root CA certificates from Websites
How to Obtain iOS Device Logs
Gathering Android Device Logs Using ADB
Testing Fused Apps with An Android ARM Emulator
"Sideload" Apps Using MacOS
Sideload a Fused Android App from Command Line Through ADB
Troubleshooting SSO for Mobile Apps
How to Complete Mobile Integration Projects After You Build Mobile Apps
Troubleshooting
Using Android Browser Troubleshooting App
Troubleshooting SSO for Mobile Apps
Custom App Compromise Notification & Troubleshooting When an App Exits
Common Play Store Deployment Error Codes
Modifying Apps with Frameworks that Don't Allow Bundle ID Changes
Data at Rest Encryption is "ON" but There are Unencrypted Files Inside My App’s Sandbox
Extracting Extended App Logs from Your Device
Dedùs - Appdome's Diagnostics App
Troubleshooting Secure Network Communication
Making sure that your iOS device is registered to your Development Provisioning Profile
Network Access and Authentication Troubleshooting App
Scroll Up