 

Is there a way to detect if an apk has been obfuscated?

I'm working on instrumenting apks for monitoring purposes. Is there a way to ascertain if an apk has been obfuscated? I'm specifically looking for a way to check if it has been obfuscated by junk byte injection obfuscation. Thanks.

boaz shor asked Nov 24 '13 08:11


1 Answer

I don't think you can be a hundred percent sure that an APK has been obfuscated:

  • Obfuscation is a complex process. You can either only shrink code, obfuscate and shrink, or obfuscate a few classes only; it will be really hard to detect that only a few classes were obfuscated.
  • Another problem is that you don't know the names of the classes that may have been obfuscated. Usually obfuscation will change class names to a.a.a, for instance. But maybe the source code was using the class a.a.a for real... Who knows?

You could still get the list of all classes inside a dex inside an apk (using command line dexdump | grep Descriptor) and see if you can recognize some obfuscated class name patterns. That would give you a certain level of confidence.

Snicolas answered Oct 29 '22 12:10
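The class-name check described in the answer above, as an added example that is not part of the original post: it parses `Class descriptor` lines from dexdump output and reports what fraction of classes carry very short lowercase names. The 1-2 lowercase character rule, the function names and the sample input are assumptions made for illustration; the result is a confidence signal only and says nothing about junk byte injection.

```python
import re
import sys

# Matches dexdump lines such as:  Class descriptor  : 'Lcom/example/Foo;'
DESCRIPTOR_RE = re.compile(r"Class descriptor\s*:\s*'L([^;']+);'")
# Assumption: a renamed class has a simple name of 1-2 lowercase letters (a, b, ab).
RENAMED_RE = re.compile(r"[a-z]{1,2}")

def class_names(dexdump_text):
    """Extract slash-separated class names from dexdump output."""
    return DESCRIPTOR_RE.findall(dexdump_text)

def looks_renamed(name):
    """True when the outer class's simple name matches the short-name pattern."""
    simple = name.split("/")[-1].split("$")[0]  # drop package and inner-class suffix
    return RENAMED_RE.fullmatch(simple) is not None

def obfuscation_score(dexdump_text):
    """Return (renamed_names, total_classes, ratio) for the listed classes."""
    names = class_names(dexdump_text)
    renamed = [n for n in names if looks_renamed(n)]
    ratio = len(renamed) / len(names) if names else 0.0
    return renamed, len(names), ratio

# Constructed sample of dexdump output (not taken from a real APK).
SAMPLE = """\
Class #0            -
  Class descriptor  : 'La/a/a;'
Class #1            -
  Class descriptor  : 'La/a/b$a;'
Class #2            -
  Class descriptor  : 'Lcom/example/app/MainActivity;'
Class #3            -
  Class descriptor  : 'Lcom/example/app/a;'
Class #4            -
  Class descriptor  : 'Lcom/example/app/R$id;'
"""

if __name__ == "__main__":
    # Pipe real dexdump output on stdin, or run without input to use the sample.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    renamed, total, ratio = obfuscation_score(text)
    print(f"{len(renamed)}/{total} classes look renamed ({ratio:.0%})")
    for name in renamed:
        print("  " + name.replace("/", "."))
```

A high ratio raises confidence that renaming was applied; a low ratio does not rule it out, since only a few classes may have been obfuscated and a genuine class can be named a.a.a.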