Does it make sense to obfuscate internal company application (APPX) on Windows Phone 8.1?

139 views Asked by At

So, I am trying to make our internal company application as secure as it's possible. The app is internal only, thus not available in the store. It's written in .NET C#.

I am considering obfuscating the application before deploying it on company devices, to prevent reverse engineering/decompilation once somebody finds a way to access the installed app binary. (as it's currently impossible as far as I know).

However, I found this slide that states the following on page 27:

When a user downloads your app to a device, it is pre-jitted to a native image.

This is confusing, as I did not found any certain/official documentation about this (if you have any documentation on this, please link it). I am not sure whether my application will be converted to native code upon deploying on my devices, or will it run the "regular" way containing CIL and metadata.

Let's assume that somebody manages to get full file access on the company phone, and can access the app binary. Does it makes sense to obfuscate Windows Phone 8.1 (APPX) application, or is it converted to "native" code right after install?

My question is really similar to this one, however in my case I need an answer focusing on Windows Phone 8.1!

1

There are 1 answers

2
Stuart Smith On

On windows phone 8.1 your code is not converted to native code. So it is totally worth while to obfuscate your code. It would not be that difficult for a Hacker to get your code and decompile it especially if they use pocket file manager. You can ftp any file off the phone even system files. Windows 10 the source code is compiled to native before it goes down to the device. I am sure this is to prevent such hacks. You can find pocket file manager application in the windows store.