Android Obfuscation Detected

Android Obfuscation Detected

Risk: secure

Description

Code obfuscation has been detected in the Android application. Obfuscation makes static analysis and reverse engineering more difficult by reducing the readability of classes, methods, strings, resources, and other implementation details that would otherwise help an attacker understand the application internals quickly.

This is a resilience control rather than a guarantee of security. Obfuscation increases the effort required to analyze or modify the APK, but it should be combined with stronger protections such as signature validation, anti-tampering, anti-debugging, root detection, and server-side authorization checks.

Recommendation

This entry is informative, no recommendations applicable.

Links

• OWASP MASTG - Android Obfuscation (MASTG-KNOW-0033)
• OWASP MASTG - Testing Obfuscation (MASTG-TEST-0051)
• OWASP MASVS - MASVS-RESILIENCE-3
• Android Developers - Shrink, obfuscate, and optimize your app

Standards

• OWASP_MASVS_RESILIENCE:
  • MSTG_RESILIENCE_4
  • MSTG_RESILIENCE_9
  • MSTG_RESILIENCE_11
  • MSTG_RESILIENCE_12
• OWASP_MASVS_v2_1:
  • MASVS_RESILIENCE_2
  • MASVS_RESILIENCE_3
  • MASVS_RESILIENCE_4
• OWASP_ASVS_L3:
  • V10_1_1
  • V10_2_3