44
submitted 6 days ago by [email protected] to c/[email protected]

I just discovered this open source obfuscator for mobile apps, that is funded by the European Union.

This has me wondering about the motives, since:

  1. the EU seems to be trying to move towards open source projects for their public domain, so no reason to obfuscate
  2. obfuscation methods should, by definition, be secret
top 2 comments
sorted by: hot top new old
[-] [email protected] 17 points 6 days ago

Not everything will be open source. For whatever reason, they decided to make this obfuscator open source. It might also just be an interesting side project that someone got permission to release.

Obfuscation can make it harder to reverse engineer code, even if the method is known. It might also be designed to be pluggable, allowing custom obfuscation. I haven't checked.

We also know that obfuscation isn't real security ... but it's sometimes it is also good enough for a particular use case...

[-] [email protected] 13 points 6 days ago

Anybody using obfuscation for securing algorithms is fooling themselves. It can be useful in fringe scenarios when you know and accept the limitations but for general use it is not. There is no obfuscation clever enough that can not be broken down and figured out.

Example - delaying cracking of copy protection for the first few weeks of a game release. It will be cracked eventually though, regardless the obfuscation and protection. Nobody expects it to be secure - but complicated enough to buy some time.

Other example - obfuscating assets loader for your game app to make it slightly harder to steal the graphics for scams and knock offs. It will not stop anybody dedicated to it but it can make the lazy skip it and go for the next game instead. Nobody expects it to be secure, but it might work as a deterrent because the next bicycle has a simpler lock to cut.

Counter example - thinking you're clever by obfuscating your homebrew cryptographic algorithm. Just don't. Use a FOSS crypto library, learn how to secure keys and be done with it. It's not secure or safe in any possible way ever and it is a really bad idea all over.

this post was submitted on 06 Jun 2025
44 points (89.3% liked)

Technology

71269 readers
4156 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots


founded 2 years ago
MODERATORS