Securing Android Code Using White Box Cryptography and Obfuscation Techniques

Code obfuscation is a set of program transformations that make program code and program execution difficult to analyze. First of all, obfuscation hinders manual inspection of program internals. By renaming variables and functions, and breaking down structures, it protects against reverse-engineering. It protects both storage and usage of keys, and it can hide certain properties such as a software fingerprint or a watermark, or even the location of a flaw in case of an obfuscated patch. However, code obfuscation itself does not protect from code lifting or software piracy. It merely strengthens built-in protection mechanisms, e.g. against tampering or piracy so we propose a strong method for code obfuscation with white box cryptography as White box cryptographic algorithms aim to denying the key readout even if the source code embedding the key is disclosed Combination of these two concepts gives a new level in modern cryptography as well as optimizes its performance and additionally we will make Client and server more secure. Obfuscation itself does not prevent tampering, but hinders the preceding analysis phase. In our proposed method we will use code obfuscation with white box cryptography and apply on android based application, for this purpose we will use proguard.