问题
Is it possible to extract the code of a Xamarin Android application and inspect it?
I am in last stages of one Application which would be soon released on Play Store. However, I am worried if the code could be extracted and looked at by other people.
Please advise, how to secure my App from other people looking at the code for it.
回答1:
Yes, it is possible to extract the code of a Xamarin.Android application. By default, the .dll files are just resources inside the APK, and they can be extracted with a zip utility and examined with e.g. ILSpy.
The Xamarin docs explain how to protect your application, including:
- Disable debugging
- Obfuscate with Dotfuscator
- Bundle assemblies into native code (but see below)
- Use AOT (native) compilation (but see below)
Note that #3 requires an Enterprise license and just puts the .NET .dlls a layer deeper in the APK; it is still possible to extract them and they are still unobfuscated.
Note that #4 is explicitly listed as an experimental feature that should not be used in production.
Full disclosure: I work for PreEmptive Solutions, and we make Dotfuscator.
回答2:
You can select Ahead Of Time (AOT) compilation. That won't prevent extraction, but will made it very difficult to do. On top of that, you can use Crypto Obfuscator.
回答3:
I would suggest to read about SafetyNet as well, which provides a set of services and APIs that help protect your app against security threats, including device tampering, bad URLs, potentially harmful apps, and fake users: https://developer.android.com/training/safetynet/index.html
回答4:
Obfuscating of Xamarin Android apps is of no sense (you can turn on "Enable ProGuard" option if you want but it will not Obfuscate your code) its better to turn on "Embed assemblies to native code" which will convert all code into a binary .so file. and it will make it difficult for hacker or reverse engineer to read that code and do reverse engineering AOT but that is in experimental and might create problem for some device after updated on play store. in order to play safe i would suggest to go with "Embed assemblies to native code"
来源:https://stackoverflow.com/questions/44065198/obfuscate-xamarin-application