Xamarin Application Obfuscation

Question

Xamarin Application Obfuscation

Is it possible to extract the code of a Xamarin Android app and test it?

I am in the final stages of one App that will be released on the Play Store soon. However, I am concerned if the code could be checked out and reviewed by other people.

Please advise how to protect my application from other people viewing the code for it.

+3

c # obfuscation xamarin xamarin.android

user3379745 May 19 '17 at 8:36

source to share

4 answers

Nathan Arthur · Answer 1 · 2017-05-19T14:11:24+0000

Yes, you can extract the code of your Xamarin.Android app. By default, the files .dll

are only resources inside the APK and can be extracted using the zip utility and checked for example. ILSpy .

The Xamarin docs explain how to secure your application, including:

Disable debugging
Obfuscation with Dotfuscator
Linking assemblies into native code (but see below)
Use AOT (native) compilation (but see below)

Note that # 3 requires a volume license and just puts the .NET .dll

layer deeper into the APK; you can still extract them, and they still don't get tangled.

Note that # 4 is explicitly listed as an experimental feature and should not be used in production.

Full disclosure: I am working on PreEmptive Solutions and we are making Dotfuscator.

Taier · Answer 2 · 2017-05-19T08:55:04+0000

You can choose to compile Ahead Of Time (AOT). It will not interfere with mining, but it will be very difficult to do. Alternatively, you can use the Crypto Obfuscator .

Raimo · Answer 3 · 2017-05-19T23:04:31+0000

I would also recommend reading about SafetyNet, which provides a set of services and APIs that help protect your application from security threats, including device spoofing, bad URLs, potentially dangerous applications, and fake users: https://developer.android.com/ training / safetynet / index.html

Jay bhatia · Answer 4 · 2019-03-28T06:11:32+0000

Obfuscating Xamarin Android apps doesn't make sense (you can enable the "Enable ProGuard" option if you like, but it won't obfuscate your code), it is better to enable "Embed Assemblies in Native Code" which converts all code to binary..so file. and it will be difficult for a hacker or reverse engineer to read this code and reverse engineer the AOT, but this is experimental and may create a problem for some device after an update in the play store. to play safely, I would suggest switching from "Insert assemblies into native code"

Xamarin Application Obfuscation

More articles: