It is possible that the application you are statically analyzing has been obfuscated. The purpose of obfuscation is to make the process of reverse engineering an application to gain insight into its processes and methods difficult or near impossible, and it is a practice that is becoming more common, especially with applications that contain sensitive data or those that want to steal yours!

There are both free and paid tools that offer obfuscation. ProGuard is an open-source tool that can be used to obfuscate code, and the examples shown above are from a commercial tool, called PreEmptive, which provides a layered approach to obfuscating Java, Kotlin, and Android applications.

While obfuscation makes nonsense of most of the code base, like the names of the variables, classes, and methods, it may be possible to run a strings search on the code to locate data of value. As mentioned in the blog by Chris Smith, sometimes Android applications developed in Kotlin may have an accompanying metadata file that is not obfuscated when using ProGuard, which can still provide insights into the application’s sensitive data.²

While de-obfuscation is not impossible, it is a time-consuming process that will involve learning about and piecing together parts of the code to determine its functionality, which is outside the scope of this course.

References:

[1] https://for585.com/obfuscationtoolspreemptive

[2] https://for585.com/kotlinobfuscation