PreEmptive logo

Android & Java Obfuscator Features from DashO

A good app hardening tool goes beyond just renaming code! Your application needs a multi-layered approach to obfuscation to remain truly safe from hacking and data breaches. 

Explore how DashO allows you to take a more proactive approach to Java and Android app security with multiple layers of protection.

PreEmptive Protection DashO shown on laptop

Why Choose Code Obfuscation for Java & Android Apps

code obfuscation icon
For both Android and Java-based apps, hackers can easily reverse engineer your application using Java decompilers. These expose the source code, making it possible for them to copy or change your code, or inject malicious code into it that can compromise user data, including banking information.

Code obfuscation is one of the most essential security measures developers can use to keep their apps safe. While there are many free obfuscation tools on the market, there are benefits to using tools like DashO that take a more robust approach to application security.

DashO’s Java Code Obfuscation Tools

DashO knows how to obfuscate Java code and other languages you use for your application. Here are some of the methods it enables your development and security teams to use.

Rename Obfuscation

Renaming obfuscation alters the names of your code’s methods and variables to make your source code more difficult for would-be hackers to understand. However, DashO goes a step beyond this classic way to obfuscate code using a patented method called Overload Induction™.
Instead of substituting one new name for each old name, Overload Induction renames as many methods as possible to the same name. This creates spaghetti logic that goes beyond comprehension.

Here’s an example of how Overload Induction might look on a few lines of code.
Before and after rename obfuscation example image

Control Flow Obfuscation

Traditionally, control flow obfuscation introduces false conditional statements and misleading branching, conditional, and iterative constructs to break decompiling tools. It produces spaghetti logic that can be difficult for hackers to understand. This form of Android obfuscation takes additional steps with DashO.

In addition to adding code constructs, DashO destroys the code patterns decompilers use to replicate source code. In turn, the program produces spaghetti logic that turns the work of even the most sophisticated decompilers into pure guesswork.
source code control

String Encryption

One common technique hackers use is locating critical code sections by looking for string references inside your binary. For example, if your application is time-locked, attackers can look for the timeout message inside the decompiled output. In this situation, when they find it, they’ll be very close to finding your time-lock algorithm and destroying or tampering with it.
Before and after string encryption example image
DashO allows security experts to hide the user strings that are present in their app’s binaries. It allows you to encrypt strings in the most sensitive parts of your application. As a result, you’ll have a more effective barrier against attacks like the one we just described.

Resource Encryption

DashO allows developers to protect the resources inside their application’s APK. Doing so makes it harder for attackers to inspect, copy, or alter them for nefarious purposes. DashO encrypts these resources and injects code to decrypt them while the application is running.
DashO Encryption icon

Watermarking

Watermarking helps developers track unauthorized copies of their software back to the source. DashO does this by embedding data like copyright information or unique ID numbers into your application without impacting its performance or runtime behavior.

Additionally, DashO’s watermarking algorithm works without increasing the size of your application or introducing extra metadata that could break it.
Watermarking icon

Removal

It’s no secret that smaller applications download, install, load, and run faster than their larger counterparts. DashO’s pruning algorithm analyzes your code to find unused types, methods, and fields, removing them. This in turn decreases the surface area of your app that’s open to attacks.

Furthermore, DashO removes used methods like debugging and logging calls that you don’t want to be visible in deployed applications.
Code removal icon

Tamper Detection & Defense

DashO injects code to verify your application’s integrity at runtime. If it detects potential tampering with your code, it can shut down the app, invoke random crashes, or perform other custom actions.
Anti tamper icon

Debug Detection & Defense Using Checks

Checks are DashO’s prebuilt validation that the program can inject into your Java or Android-based apps. They enable your app to detect unauthorized use cases, such as debugging or tampering.

However, Checks do more than just detect suspicious activity—they can also react in specified ways, such as forcing the user to exit the app. They can also call into application code, allowing for custom behavior based on the result of the Check. Developers can configure these responses for individual Checks, so all your apps can detect unauthorized uses in the same way, but respond to them differently.
Anti debugging icon

Root Check for Android

Rooted devices are a serious security concern for Android app developers. However, DashO can detect when an app is running on a rooted device, either offline or on a network. Users on your security team can then abort the session, quarantine the app, or otherwise report the incident.
DashO Android icon

Emulator Check for Android

DashO enables your application to shut down or behave differently when it detects the app is being run on an emulated device. This helps prevent reverse engineering attacks and keeps attackers from probing the application’s defenses through emulation.
DashO Emulator Check icon

Hooking Check for Android

Hackers use hooking frameworks to inspect and change your application during runtime without modifying its binaries. DashO can detect the presence of hooking frameworks and enable your app to respond accordingly by shutting down, sending an alert, throwing an exception or hanging, and more.
DashO Hooking Check icon

Shelf Life

Shelf Life is DashO’s app inventory management function. It allows you to embed expiration and notification logic into Android applications. DashO injects code that reacts to expiration by forcing the user to exit the application. This feature is particularly useful with beta or evaluation applications.

With Shelf Life, users can schedule an app’s expiration for a specific date and optionally issue warnings to users about the forthcoming deactivation.
DashO ShelfLife icon

Download a Free Trial

Want to try DashO for yourself? Download a free trial of DashO today or request a quote and see how you can elevate your app security today.