Obfuscation in Xamarin Projects

Ali Bahrami picture Ali Bahrami · Apr 5, 2016 · Viewed 10.4k times · Source

As you know Xamarin projects are compiled into dot net dll assembly and it'll be pack into apk file and can be easily reflected by reflectors like DotPeek.

My first question is: How can we protect our code?

My second question is: Do obfuscator tools like SmartAssembly are usable in Xamarin projects or Xamarin projects won't support them?

Answer

matthewrdev picture matthewrdev · Apr 6, 2016

The best way to protect your .NET code (.DLLS) for APKs is to enable Ahead Of Time (AOT) compilation:

enter image description here

AOT compilation will compile your applications IL code (.dlls) into native instructions. The final code that is packaged into the APK is then X86, arm etc instructions rather than managed IL code.

AOT compilation is only available in Enterprise and higher licenses.

While AOT increases the difficulty of reverse engineering, it's still not 100% fool-proof. The final binaries can still be pulled from a rooted device and reverse engineered using software like IDA pro. It's a lot harder than using DotPeek but its still possible.

It is also important to note the down sides of enabling AOT compilation. Application builds times increase significantly as every assembly referenced by your app needs to be compiled; my experiences indicated that you should expect a 200%-300% increase in build times when AOT is enabled.

Additionally, AOT compilation will increase the final APK size.