Are Xamarin.Android app users at risk?
Published on June 25, 2019 by Sebastian Holst
In a recent developer survey, Xamarin.Android developers were 50% less likely to have included rooted device detection or anti-tamper prevention as their Java Android peers were. Yet, both sets of apps are being deployed through the same marketplaces onto the same devices and are governed by the same regulations (PCI, GDPR, HIPAA to name just a few that expect these kinds of controls).Why are more Xamarin.Android apps going unprotected?
Are equivalent Xamarin.Android controls unavailable or too complex or expensive to implement? Or, are developers unaware that easy, effective tools for Xamarin.Android apps do exist? Are Xamarin.Android developers, who come from a .NET tradition, lacking the relevant platform-specific awareness to assess these uniquely Android risks?What are the implications?
For users: Given these lower levels of protection, as a group, are Xamarin.Android apps potentially less secure than Android Java apps?
For developers: Will Xamarin developers that forego security practices broadly embraced by the majority of Android developers be penalized?
For app stakeholders: Will regulators, courts, or public markets punish Xamarin.Android app owners when exploits occur on unprotected apps?What can a Xamarin.Android developer do?
“If I ever go looking for my heart’s desire again, I won’t look any further than my own backyard.” Dorothy, The Wizard of Oz
The answer, quite simply, is Dotfuscator Professional. The de facto standard for .NET app protection since Visual Studio 2003 has been significantly expanded to include lightning fast Xamarin project integration and now includes anti-tamper and rooted device detection and defense injection. That’s right, with injection, there is no coding required to get the same powerful runtime checks that Java developers have been using.