1

Does using private methods and private fields make it harder for someone to reverse engineer code with the common decompilers floating around?

Like the ones mentioned here: "Decompile .smali files on an APK".

Or does it have no effect, as these decompilers allow the person to read each line of obfuscated code in a class?

What about using final on classes and methods to avoid classes being extended and methods being overridden? Do they help, as I read that the decompilers cannot produce decompiled working code? Or is it inconsequential, as it is simple to remove the final attribute in the decompiled classes?

Does using many small modular classes make it harder for someone to decompile and hack the code, or does using big classes with long methods make it harder to read the obfuscated code?

I am sorry if these come across as noob questions.

pt123
  • 3
    In a word, no! Obfuscation is your only friend. I recommend not worrying about it and focusing on your users. Like the next asteroid collision, there is nothing you can do about it so relax. If your app is the next Angry Birds, it will be pirated for sure. If it's like the other 99.999% of apps in the Play Store with 0 to a few thousand installs, no one will even notice. – Simon Mar 15 '13 at 19:31

2 Answers

1

Or does it have no effect, as these decompilers allow the person to read each line of obfuscated code in a class?

Decompilers decompile all code, including private methods.

What about using final on classes and methods to avoid classes being extended and methods being overridden? Do they help, as I read that the decompilers cannot produce decompiled working code?

Changing that requires pressing the Delete key five times (per final). This will not be a significant challenge for most people.

Does using many small modular classes make it harder for someone to decompile and hack the code, or does using big classes with long methods make it harder to read the obfuscated code?

Not materially, IMHO.

FWIW, I completely agree with Simon's comment.

CommonsWare
  • so it would be better developing pre-compiled native library written in C++ or C+ using NDK like mentioned [in this response] http://stackoverflow.com/a/13854795/1527440 – pt123 Mar 15 '13 at 21:45
  • @pt123: Probably not. If you need to use C/C++ for other reasons (e.g., performance) for specific focused things, go right ahead. But you cannot write complete ordinary Android apps in C/C++, as you do not have access to the vast majority of Android from native code. Full C/C++ apps are mostly limited to games. Native code can also be reverse-engineered, though it usually is more difficult. – CommonsWare Mar 15 '13 at 21:56
0

Nope. Obfuscation can help, but all it really does is add an extra hurdle for attackers. Security through obscurity does not exist. There are expensive tools around this coming into existence, created by companies such as Arxan, Via Forensics, and others.

withoutclass
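An added illustration, not code from the question or either answer: why `private` and `final` do not hinder a decompiler, and why the answers point to obfuscation instead. The modifiers are just bits stored next to each method, and the method name sits in the constant pool as plain text. The sketch assumes the JVM class-file layout as a stand-in for dex (the `private` and `final` bits have the same values there); the class `LicenseCheck` and method `isPaidUser` are constructed sample data.

```python
import struct

ACC = {1: "public", 2: "private", 4: "protected", 8: "static", 0x10: "final"}  # modifier bits
CP_SIZE = {5: 9, 6: 9, 7: 3, 8: 3, 15: 4, 16: 3, 19: 3, 20: 3}  # other fixed-size tags: 5 bytes

def utf8(text):
    raw = text.encode()
    return struct.pack(">BH", 1, len(raw)) + raw

def build_sample_class():
    """Constructed input: final class LicenseCheck { private final boolean isPaidUser() }."""
    pool = [utf8("LicenseCheck"), struct.pack(">BH", 7, 1), utf8("java/lang/Object"),
            struct.pack(">BH", 7, 3), utf8("isPaidUser"), utf8("()Z")]  # pool entries 1..6
    out = struct.pack(">IHHH", 0xCAFEBABE, 0, 50, len(pool) + 1) + b"".join(pool)
    out += struct.pack(">HHHHH", 0x0031, 2, 4, 0, 0)  # class flags, this, super, 0 ifaces, 0 fields
    out += struct.pack(">HHHHH", 1, 0x0012, 5, 6, 0)  # 1 method: private|final, name, desc, 0 attrs
    return out + struct.pack(">H", 0)                 # no class attributes

def read_members(data, pos, strings):
    (count,) = struct.unpack_from(">H", data, pos)
    found, pos = [], pos + 2
    for _ in range(count):
        flags, name, desc, attrs = struct.unpack_from(">HHHH", data, pos)
        pos += 8
        for _ in range(attrs):  # skip attribute bodies such as Code
            (length,) = struct.unpack_from(">I", data, pos + 2)
            pos += 6 + length
        found.append((strings[name], strings[desc], [m for b, m in ACC.items() if flags & b]))
    return found, pos

def list_methods(data):
    magic, _minor, _major, cp_count = struct.unpack_from(">IHHH", data, 0)
    if magic != 0xCAFEBABE:
        raise ValueError("not a class file")
    pos, index, strings = 10, 1, {}
    while index < cp_count:
        tag = data[pos]
        if tag == 1:  # Utf8: names and descriptors are stored as plain text
            (size,) = struct.unpack_from(">H", data, pos + 1)
            strings[index] = data[pos + 3:pos + 3 + size].decode("utf-8", "replace")
            pos += 3 + size
        else:
            pos += CP_SIZE.get(tag, 5)
        index += 2 if tag in (5, 6) else 1  # long/double occupy two slots
    (ifaces,) = struct.unpack_from(">H", data, pos + 6)
    pos += 8 + 2 * ifaces
    _fields, pos = read_members(data, pos, strings)
    return read_members(data, pos, strings)[0]

print(list_methods(build_sample_class()))
```

Renaming `isPaidUser` to a meaningless identifier, which is what an obfuscator does, is the only change here that removes information from the output; the modifiers carry none.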