When releasing an app to the testing we are getting the following warning.
As per the internet the reason for adding a de-obfuscation mapping file is to get meaningful crash reports and analytics. But doesn't defeat the purpose of obfuscation.
If a 3rd party service can read the app using deobfuscation mapping (ex: Firebase Crashylitics), can;t anyone use the mapping to reverse engineer? Or is it not applicable for 3rd Party crash analytic services?
We expect 3rd party actors not to get our IP but at the same time ability to have meaningful crash reports as well.
Mappings are only passed on to the people you give them to. For example, when you give mappings to Firebase, only Google and the team associated with the Firebase project can access them. They won't share the file, and show you the right debug trace.
So nobody will be able to reverse-engineer your application with the mappings, since they won't have it...
And if you really care to get meaningful crash reports but not for 3rd party, just don't use them... And also, this way, you won't be dependent on a 3rd party.