So, I recently tested the takedown of one of my Android apps, and to my dismay, I found that the code was completely readable. Even worse, all my variable names are there intact! I thought they would be compressed to something unreadable at compile time. The application expires after a certain time. However, now it was trivial for me to find my function called checkIfExpired () and find the variable "expired". Is there any good way to make it more difficult for a potential hacker to mess with my application?
Before one of them formulates the obvious: Yes, this is security through obscurity. But, obviously, this is my only option, as the user will always have access to all my code. This is the same for all applications. The details of my deactivation — things are unimportant, the fact is that I don’t want the deassembler to understand some of the things that I do.
side questions: Why are variable names not compressed? Could it be that my program will run faster if I stop using very long variable names, like my habit?
source
share