All geek questions in one place

Are MonoDroid (Xamarin) apps less prone to theft?

I studied the Google Play license verification library to reduce the piracy of the application that I am ending. But it’s pretty easy to hack applications that use LVL (see How the Android License Validation Library lulls you into a false sense of security .

My question is, are MonoDroid apps initially less vulnerable in this area? The attack points, apparently, is the user code that processes the logic of the verification, processing the result, saving the result, etc. Automated tools look for common Java code templates. I think this would be useless with a MonoDroid application, since C # code is not converted to Java bytecode, but instead is stored as standard .NET IL, which receives JITd at runtime.

+4
source share
1 answer

My question is, are MonoDroid apps initially less vulnerable in this area?

No. Xamarin.Android just changes things; he does not change the problem area in any significant way.

Automated tools look for common Java code templates.

Nothing prevents automated tools from looking for common .NET code templates, that is, Xamarin.Android will not give anything a definite long-term advantage. There may be a short-term advantage, as this tool will not know what to do with it now.

However, we are considering ways to further obfuscate IL. Upcoming release 4.8 will support mkbundle , which will make it harder to find IL within .apk . However, this is just an added form of obfuscation and will undoubtedly be cracked in time, just as most forms of DRM will be broken in time.

There is no silver bullet.

+2
source

Source: https://habr.com/ru/post/1490196/

More articles:


All Articles