Security Through Obscurity
An obfuscator’s effectiveness is measured by how well they use the obfuscation transformations presented in Table 2-1 and how many of them they use. If an obfuscator only scrambles identifiers, then it’s not going to be very effective. Better obfuscators reorder the bytecode to make it irreducible so that the contol flow cannot be reverse engineered—you can do this by taking adavantage of opcode language contructs that have no equivalent in Java. They typically also encrypt strings and manipulate the data structures to make them hard to understand. The obfuscator tool automates these and more transformations for you.
However, many of the transformations—what we could call defactoring, literally the opposite of refactoring—can ...
Get Bulletproof Android™: Practical Advice for Building Secure Apps now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
