The freeRASP SDK contains public API, so the integration process is as simple as possible. Unfortunately, this public API also creates opportunities for the attacker to interrupt freeRASP SDK operations or modify the custom code in threat callbacks. All internal freeRASP classes are already obfuscated, so it is simple to distinguish freeRASP sources from the rest of the application code during the static analysis. In order for freeRASP to be as effective as possible, it is highly recommended to apply obfuscation to the final package/application, making the public API more difficult to find and also to make it partially randomized for each application so it cannot be automatically abused by generic hooking scripts.
Please follow the integration guide of your platform for more information about how to obfuscate the app.
Below are code snippets demonstrating missing obfuscation detection across various platforms:
Recommended action: Use this callback during the development process to ensure that the app is obfuscated.