Is there any advance solution for Android application anti-tampering and bulletproof obfuscation implementation?
I have been already using following protections in my application:
Does anyone have any bulletproof advance technique to implement such solutions? I have come across this solution. Can anyone let me know how effective and practical it is to implement?
Obfuscation can only act as a hurdle for an attacker doing secure code review. Paid obfuscators such as Dexgaurd are far better than the free ones and can be used to considerably increase the attack complexity. But, we should not completely rely on obfuscation as an attacker can spend good amount of time to deobfuscate and analyze the code.
Android system is built on the top of Linux kernel. A root user(Rooting Android Device) in Linux system is a super user and has all the administrative privileges and so can do almost anything on the system. This includes bypassing the almost all the security implementations implemented in application/device. Therefore, I believe that there is no sure-shot solution to verify the integrity of the application.
Having said that, I suggest implementation of solutions that can help us to considerably increase the attack complexity and build somewhat tamper proof applications and SafteyNet Attestation API is one of them. I personally suggest the implementation of this API for implementing application integrity checks. It is a paid solution as the free quota is very limited. You must check the implementations guidelines properly and it should be securely implemented to get desired results.
For anti-hooking/debugging, I strongly recommend you to check Android Anti-Reversing Defenses that can be implemented to substantially increase the complexity.
