How to De-obfuscate Android Obfuscated App Logic Stack Traces using Sentry
What is Sentry?
Sentry is a lightweight, real-time crash reporting tool that helps developers track, prioritize, and fix stability issues that diminish app quality. Its integration with Appdome’s security features allows for easier debugging of obfuscated code.
Overview of Sentry Stack Traces with Appdome’s Obfuscate App Logic
Before diving into the de-obfuscation process, it’s important to understand the impact of integrating Appdome’s Obfuscate App Logic with Sentry. This integration results in obfuscated stack traces that are difficult to interpret without the appropriate de-obfuscation keys, thus safeguarding your app’s internal logic by making the stack traces difficult to read without proper de-obfuscation keys. The following sections of this article will guide you through the steps to automatically de-obfuscate these stack traces, starting with a glimpse at how an obfuscated stack trace looks prior to de-obfuscation.
Before Sentry De-Obfuscation
For manual de-obfuscation, please follow How to Deobfuscate Crash Stack Traces for Debugging Android Apps when using Obfuscate App Logic.
Preparing Your App
To start with the de-obfuscation process, your app first needs to be obfuscated using Appdome’s Obfuscate App Logic security features.
Prerequisites for Using Appdome’s Obfuscate App Logic Plugins:
To use Appdome’s mobile app security build system to Obfuscate App Logic, you’ll need:
-
Appdome account (create a free Appdome account here)
-
A license for Obfuscate App Logic
-
Mobile App (.apk or .aab for Android)
-
Signing Credentials (see Signing Secure Android apps and Signing Secure iOS apps)
How to Implement Obfuscate App Logic in Android Apps Using Appdome
On Appdome, follow these 3 simple steps to create self-defending Android Apps that Obfuscate App Logic without an SDK or gateway:
Figure 1: Fusion Set that will contain the Obfuscate App Logic feature
Note: Naming the Fusion Set to correspond to the protection(s) selected is for illustration purposes only (not required).
2.1.1 Follow the steps in sections 2.2 -2.2.2 of this article to add the Obfuscate App Logic to your Fusion Set via the Appdome Console.
2.1.2 When you select the Obfuscate App Logic, you’ll notice that the Fusion Set you created in step 2.1 now bears the icon of the protection category that contains Obfuscate App Logic.
Figure 2: Fusion Set that displays the newly added Obfuscate App Logic protection.
Note: Annotating the Fusion Set to identify the protection(s) selected is optional only (not mandatory).
Figure 3: Fusion Set Detail Summary
2.1.4.1 Refer to the Appdome API Reference Guide for API building instructions.
2.1.4.2 Check Appdome’s GitHub Repository for sample APIs.
2.2 Add the Obfuscate App Logic to the security template
2.2.1 Navigate to Build > Security tab >TOTALCode™ Obfuscation section in the Appdome Console.
2.2.2 Toggle On Obfuscate App Logic</span
Note: The checkmark feature De-Obfuscate Sentry Stack Traces is enabled by default, as shown below.
Figure 4: Selecting Obfuscate App Logic
2.3 Initiate the build command either by clicking Build My App or via your CI/CD.
How to Automatically De-Obfuscate Sentry Stack Traces
- Click on Workflow Summary
- Download Obfuscation Mapping Files
- Locate the required files
- mapping.txt
- Locate your app-UUID from Sentry.
- The generated Sentry UUID can be found in your project settings.
For more details on how to generate a UUID, see Sentry documentation: How do I create a GUID / UUID?
- If you generated a UDID on your own, it can be located in your Android project in ‘manifest.xml’.
5. Run the following CLI command:
- The generated Sentry UUID can be found in your project settings.
sentry-cli upload-proguard --uuid <you project UUID> <path/to/mapping.txt> --org <your organization> --project <project name which attached to the UUID>
From this point forward, every stack trace in Sentry related to this Appdome build will be automatically de-obfuscated.
Related Articles:
- How to Obfuscate Java Code in Android Apps
- How to Obfuscate Kotlin Code in Android Apps
- How to Remove Debug Information, Anti-Reversing Android & iOS Apps
- How to Optimize File Size, Code Obfuscation Best Practices in Android & iOS Apps
How Do I Learn More?
If you have any questions, please send them our way at support.appdome.com or via the chat window on the Appdome platform.
Thank you!
Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project.
