Missing obfuscation detection [Android devices only]

The freeRASP SDK contains public API, so the integration process is as simple as possible. Unfortunately, this public API also creates opportunities for the attacker to interrupt freeRASP SDK operations or modify the custom code in threat callbacks. All internal freeRASP classes are already obfuscated, so it is simple to distinguish freeRASP sources from the rest of the application code during the static analysis. In order for freeRASP to be as effective as possible, it is highly recommended to apply obfuscation to the final package/application, making the public API more difficult to find and also to make it partially randomized for each application so it cannot be automatically abused by generic hooking scripts.

Please follow the integration guide of your platform for more information about how to obfuscate the app.

Below are code snippets demonstrating missing obfuscation detection across various platforms:

// Android
override fun onObfuscationIssuesDetected() {
    TODO("Not yet implemented")
}

// Flutter
onObfuscationIssues: () => print("Obfuscation issues")

// Cordova
obfuscationIssues: () => {
    // Place your reaction here
},

// React Native
obfuscationIssues: () => {
    // Place your reaction here
},

// Capacitor
obfuscationIssues: () => {
    // Place your reaction here
},

Recommended action: Use this callback during the development process to ensure that the app is obfuscated.

PreviousDevice binding detection NextSecure Hardware detection (Keystore/Keychain secure storage check)

Last updated 9 months ago

Was this helpful?