This Knowledge Base article provides detailed information on Appdome’s no-code mobile app obfuscation, including detailed step-by-step instructions on how to implement TOTALCode Obfuscation in any iOS or Android app in seconds – no coding required.
In recent years, decompilers have reached a maturity level that allows recovering source code back from mobile apps with ease. Obfuscation has become a well established preventive measure developers use against static reverse engineering attempts.
What sets various obfuscation solutions apart is several things:
To understand what TOTALCode™ Obfuscation means, we must understand two things:
The goal of obfuscation is to make the app harder to reverse engineer, understand, model, and derive meaning from the app or code.
Code is any form of information that executes business logic.
So for example, the part of a navigation application that computes the faster route between two points is code. In this example, this is a part of the application that’s inherent to its function. You might say that this is what makes your application stand out among all other navigation applications. And as such, you might want to protect that code.
Another example would be a mobile banking application, where the code is in charge of assembling the correct requests to the bank’s servers to request a list of all transactions.
For different platforms, and in different circumstances, what we just defined as code will be contained in different forms in the application. Mobile app obfuscation helps you keep your code secure and private.
Obfuscation is the process of taking code, and transforming in a way that makes it difficult or infeasible for an attacker to understand, but still functions correctly.
Common techniques range from things as complex as changing the build tools to emit convoluted machine code to modifying names/labels in the code to make them unintelligible to the human eye.
However, not all forms of mobile app obfuscation are sufficient or even applicable to all types of code.
For example, modifying names and eliminating format in Javascript code (a process called minification) is not extremely effective as the code basically remains a text file, and multiple tools can easily reverse the build and compile process and turn machine or intermediate code back into source code.
Encrypting Javascript/DLL is a more effective way to secure that code. Of course, this requires a mechanism that would still allow encrypted files to function.
Alternatively, compile-time obfuscation is meaningless for an executable that already exists.
Applying Appdome’s binary code obfuscation will be more effective.
Appdome’s TOTALCode™ Obfuscation is intelligent and capable enough to match the correct form of obfuscation to the type of code that needs obfuscation.
Follow these step-by-step instructions on how to obfuscate any iOS and Android app in seconds by adding Appdome TOTALCode Obfuscation to any app in seconds without touching source code.
Please follow these steps to add a mobile app to your Appdome account.
If you don’t have an Appdome account, click here to create an account.
After you have added TOTALCode Obfuscation to any Mobile App on Appdome, there are a few additional steps needed to complete your mobile integration project.
Appdome is a full-featured mobile integration platform. Within Context™, Appdome users can brand the app, including adding a favicon to denote the new service added to the app.
For more information on the range of options available in Context™, please read this knowledge base article.
To deploy an Appdome-Built app, it must be signed. Signing the iOS app and Signing an Android app is easy using Appdome. Alternatively, you can use Private Signing, download your unsigned app, and sign locally using your signing methods.
Once you have signed your Appdome-Built app, you can download it to deploy it using your distribution method of choice. For more information on deploying your Appdome-Built apps, please read this knowledge base.
That is it. You’ve seen how easy it is to start obfuscating mobile apps.
If you are interested in obfuscating mobile apps, we suggest checking out ONEShield.
Also, we have a brochure on TOTALCode obfuscation.
If you have any questions, please send them our way at support@appdome.com or via the chat window on the Appdome platform.
Thanks for visiting Appdome! Our mission is to make mobile integration easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.