We would like to obfuscate a framework we are working on. This will allow users to verify their card payment using 3DS2, and so must meet many security requirements. One is PCI (document 'PCI 3DS SDK Security Standard' on their website):
For example, an internal class we want to protect might be changed from 'MyClass' to 'itfhzyjrhstywwdotfdmqinrxllojmuj'.
Any guidance will be much appreciated, thanks.
These forums prevented me from linking directly to the PCI SDK requirements document. Searching 'PCI Security Standards Document Library 3ds sdk' on Google will return it as the first result.
If we obfuscate our framework, and other apps use our framework, will these apps be rejected? I contacted App Review but received a reply saying they can only address issues with specific apps once submitted.\1.4 Protection Against Reverse Engineering
String and code obfuscation tools and
techniques might be sufficient to make the
reverse engineering of 3DS SDK binaries
impractical depending upon the
implementation. Properly implemented
runtime application self-protection (RASP)
and/or anti-debugging techniques could
also be used.
For example, an internal class we want to protect might be changed from 'MyClass' to 'itfhzyjrhstywwdotfdmqinrxllojmuj'.
Any guidance will be much appreciated, thanks.
These forums prevented me from linking directly to the PCI SDK requirements document. Searching 'PCI Security Standards Document Library 3ds sdk' on Google will return it as the first result.