Using strict access to class members and modular code make it harder to reverse engineer APK

Question

Does using private methods and private fields make it harder for someone to reverse engineer code with the common decompilers floating around.

Like the ones mentioned here Decompile .smali files on an APK

Or does it have no effect as these decompilers allow the person to read each line of obfuscated code in a class.

What about using final on classes and methods to avoid classes being extended and methods being overridden, do they help as I read that the decompilers can not produce decompiled working code. Or is it inconsequential as it is simple to removing the final attribute inthe decompiled classes.

Does using many small modular classes make it harder for someone to decompile and hack the code or using big classes with long methods make it harder to read the obfuscated code.

I am sorry if these come across as noob questions.

Answer 1

Or does it have no effect as these decompilers allow the person to read each line of obfuscated code in a class.

Decompilers decompile all code, including private methods.

What about using final on classes and methods to avoid classes being extended and methods being overridden, do they help as I read that the decompilers can not produce decompiled working code.

Changing that requires pressing the Delete key five times (per final). This will not be a significant challenge for most people.

Does using many small modular classes make it harder for someone to decompile and hack the code or using big classes with long methods make it harder to read the obfuscated code.

Not materially, IMHO.

FWIW, I completely agree with Simon's comment.

Answer 2

Nope. Obfuscation can help, but all it really does is add an extra hurdle for attackers. Security through obscurity does not exist. There are expensive tools around this coming into existence, created by companies such as Arxan, Via Forensics, and others.