Menu Close

Code hardening (obfuscation & encryption)

Code hardening

Protect your apps against reverse engineering

Android and iOS applications and SDKs can be reverse engineered in no time. Using easily available disassemblers and/or decompilers, hackers can access and analyze the source code of your applications. This opens possibilities for a broad range of abuse: hackers can steal your valuable code or clone your applications, they can extract sensitive information such as API keys and harvest credentials, they can even add malicious code to your applications and repackage them.

Code hardening is an effective way of protecting your APKs and SDKs for Android and iOS from reverse engineering and hacking. It consists of hardening the code at various levels through the application of multiple layers of obfuscation and encryption. Hardened code is resistant to both automated and manual analysis. 

Attackers further complement information gathered by static code analysis with dynamic analysis techniques. To prevent your applications from being analyzed at runtime, it is essential to implement runtime self-protection (RASP) mechanisms.

Obfuscation and encryption

Obfuscation refers to rendering code illegible without affecting its functionality. The techniques used to obscure code in this manner vary considerably. They range from the replacement of readable names in the code by difficult to decipher alternatives (name obfuscation) to the modification of the logical structure of the code to make it less predictable and traceable (control flow obfuscation). Another obfuscation technique consists of the conversion of simple arithmetic and logical expressions into complex equivalents (arithmetic obfuscation).

Encryption ensures the code of the application and the data it contains cannot be accessed while the application is at rest. The encrypted code is decrypted on-the-fly when the application is executed guaranteeing that it functions as intended. To be effective, the encryption must be applied in various layers. Essential encryption techniques include string encryption, class encryption, asset encryption and resource encryption.