My Android & iOS apps uses some algorithms written in C++/Rust. Those algorithms are compiled to
.so in Android and
.a in iOS. Of course, I do not want the reverse-engineeers to look into the app and figure out the algorithm details easily.
I am not familiar with this field, so I have tried to "strip" the
.so files first. It does make the
.so file much smaller, and when using
file myfile.so I see it says "stripped". However, when the C++/Rust algorithm crashes, it can still be symbolized. I also look into
strings myfile.so and see a lot of things like
y_range_to_rect is one of my internally-used C++ functions, and
objdump even sees
0008daf2 <[email protected]@Base>: ...machine instructions... i.e. the function name and its content. Therefore, I am sure that, there still exists a lot of symbols there. The reverse-engineers can still leverage such information to understand the compiled library. What am I doing wrong here – I guess maybe I should find a way to further remove such symbols.
Most importantly, my main question is: What is the correct way to remove all debugging info for .so libraries in Android and .a libraries iOS? I have seen people saying stripping, but from discussions above, stripping is not enough obviously.
Thanks for any suggestions!
Source: Windows Questions C++