I developed a software using JAVA 8 and JAVAFX and I am going to deliver it very soon. The JAVA code contains some sensitive information and I have no other choice than letting them in the code. Is obfuscation using proguard sufficient to prevent dishonest average persons (non expert computer scientists and non hackers) from understanding the code and thus accessing those sensitive data by decompiling the JAR ? Thank you in advance for your answers.
Asked
Active
Viewed 72 times
2 Answers
1
Obfuscating will change your identifier names to something meaningless so it will be difficult to understand the logic of decompiled code, but not impossible either.
Obfuscation will not touch values of pre-initialized constants like Strings and integers. Assuming your sensitive information is contained there and has some pattern to it, like header or being 2048 bits long, it can easily be identified.
Siddhesh Rane
- 419
- 3
- 7
-
That depends on the obfuscator. Many obfuscators do scramble string constants – Antimony Jan 19 '19 at 18:42
0
I think the answer is yes, but it depends a lot on how you define an "average" person. I'd recommend just simulating what you think an average person would try to read your code. For example, you could search online for decompilers and run your jar through all the popular decompilers and see what comes out.
Antimony
- 37,781
- 10
- 100
- 107