6

As everybody knows, piracy becomes a very serious issue on Android. Does Mono for Android provide code obfuscation when compiling to native code?

zmarties
  • 4,809
  • 22
  • 39
Ramon Chan
  • 93
  • 1
  • 5

1 Answers1

7

Mono for Android does not provide this functionality, however you can still use a third-party tool for obfuscation. As Mono for Android produces CIL assemblies that are JITed by the Mono runtime on the Android device you need to obfuscate these .NET assemblies. Therefore tools like the Android obfuscator Proguard will not help you. The below .NET obfuscators have been reported to work with Mono for Android.

If you use Xenocode Postbuild then make sure you disable "metadata reduction" so that Class names remain valid in Java.

Update

Xamarin.Android allows you to package APK files without the need for the compiled .NET DLLs. This means you do not need to apply obfuscation from a .NET point of view. I can extract my release APK file and find that only the classes.dex file and the .so library files are included. To enable this tick the box "Embed assemblies in native code" (this may only be available for Enterprise subscribers).

Alex Wiese
  • 8,142
  • 6
  • 42
  • 71
  • 1
    Thanks. I have found few other sources also suggest to use Xenocode Postbuild. I will go and try it. – Ramon Chan Nov 13 '12 at 00:51
  • 1
    If you found my answer to be sufficient please don't hesitate to mark it as your accepted answer. – Alex Wiese Nov 13 '12 at 01:06
  • @alexw How did you package the APK without the DLLs? – Ian Dec 30 '14 at 15:08
  • @ian The option used to be called 'Bundle assemblies in native code' and is now 'Embed assemblies in native code'. Xamarin had changed it so it was only enabled for Enterprise users. They may have changed it back again so have a look for that option under the project [packaging settings.](https://www.google.com.au/url?sa=i&rct=j&q=&esrc=s&source=images&cd=&cad=rja&uact=8&ved=0CAcQjRw&url=https%3A%2F%2Fhelp.apperian.com%2Fdisplay%2Fpub%2FXamarin%2BApplication%2BRequirements&ei=C5ejVOuXD4qh8QW5sILgBQ&bvm=bv.82001339,d.dGc&psig=AFQjCNEpYgZjkR-M60qIahQ0RNc92g1Jow&ust=1420093570426281) – Alex Wiese Dec 31 '14 at 06:26
  • @Alexw it's not there. Maybe it is just an Enterprise feature. Thanks. – Ian Dec 31 '14 at 08:45
  • Would doing this mean we could then use Proguard on the APK effectively? – Kodejack Mar 17 '15 at 12:06
  • When using bundle into native assemblies, does it mean that sensitive information like using API keys etc are not accessible if somebody does reverse engineering? – Emil Nov 21 '17 at 10:40
  • @batmaci no, constant strings would be easily accessible in source code, no matter if it was IL code or native code. You'd have to use a tool that encrypts strings post-build so that it's harder (but not impossible) to reverse engineer. You can read more here: http://rammic.github.io/2015/07/28/hiding-secrets-in-android-apps/ – Alex Wiese Nov 21 '17 at 22:43
  • @batmaci the commercial sibling of ProGuard is DexGuard which can encrypt strings in code and resource files. https://www.guardsquare.com/en/dexguard – Alex Wiese Nov 21 '17 at 22:46