Missing code obfuscation

[playa92]

Hi,
I'm opening this issue to highlight that the freeRASP library currently lacks built-in code obfuscation. This means that even if all security measures are properly implemented, an attacker could still reverse-engineer the app, identify key methods or variables, and manipulate the app's behavior to bypass protections.
Is there any plan to include native obfuscation support within the freeRASP library itself?
Or is it expected that the integrating app should handle obfuscation independently using external tools?

Thank you!

[yardexx]

Hi!

Just to confirm before continuing - are you referring to obfuscation of the Flutter plugin code? (because Android library, which this plugin uses and act as wrapper, is very well obfuscated)

If so, the Kotlin part should already be handled by the built-in R8 obfuscation. The Dart and Swift parts are compiled to machine code, which doesn’t count as true protection but does make reverse engineering somewhat more difficult.

[playa92]

According to the MAPT report, it's clear that the current root/jailbreak detection mechanism (implemented via a library other than FreeRASP, such as jailbreak_root_detection based on IOSSecuritySuite) is easily bypassable. This happens because:

-The strings and methods of the library are not obfuscated.
-The amIJailbroken method was directly modified in the binary to always return false.
Even FreeRASP, although present, is not sufficiently protected if the main check is bypassed first.

If FreeRASP allows us to implement root/jailbreak detection effectively, we should consider removing the other library and rely solely on FreeRASP.

Thank you!