Do F-Droid check for obfuscated code ?
I think that obfuscated code is not open source and should be treated as a binary blob because it’s the same thing you get when you reverse engineer a closed source app.
do you have an example? there’s no check for that… also, how would you check w/o reading in whoie?
We don’t check that. If you know how to check that we can add it to scanner.
I think of making a parser that scans java or kotlin files and makes sure that packages, classes and methods names are not too short (like 1 or 2 characters) and if they were normal length it makes sure that they are real words from dictionary and not random characters.
If it fails it shouldn’t reject it it should point us to where it thinks the obfuscated code is to check manually.
After thinking about it again.
A bad user can just randomize classes names with random words from dictionary so it seems impossible without an AI that will cost a lot of resources.
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.