Clarify/Rethink criteria for obfuscated apps
as I wrote in: #161 (comment 544097616) the fact that app use minify & proguard is not enough to declare it obfuscated, for example the below 5 apps contain
minifyEnabled true and proguard section!
- blockchain: https://github.com/blockchain/My-Wallet-V3-Android/blob/5a6bce0549ac96256793393aa41ea46d4141fabd/app/build.gradle#L64-L71
- TRUSTEE https://github.com/trustee-wallet/trusteeWallet/blob/dd0be203afd11d148f0af6528a1679d5c38581ea/android/app/build.gradle#L193-L199
- ccwallet https://github.com/coincasso/ccwallet/blob/9e08f778f85339b8dae414d98cc5067023954d99/android/app/build.gradle#L129-L132
- cake wallet https://github.com/cake-tech/cake_wallet/blob/119c81fbf05af8f1874f08c86e3f158339c07c33/android/app/build.gradle#L67-L74
- muun https://github.com/muun/apollo/blob/7142f13f013b038fc474f572df7faa26af54d603/android/apolloui/build.gradle#L123-L128
The muun app is almost reproducible (diff only in xml file, not code)
The cakewallet & ccwallet & blockchain are currently FTBFS, so we don't know the diffoscope result.
The TRUSTEE wallet, I didn't test it, the provider say it's almost reproducible and show diffoscope output with explanation at: https://github.com/trustee-wallet/trusteeWallet#android-verifiable-builds
Will test more wallets regarding their obfuscations status later, the point is that it's need to be taken into account other data such as the diffoscope output, if the app is almost reproducible, and it's easy/fast to go over all the changes, which is the case in bither app it should not be shown as obfuscated.
The question is when to declare app as obfuscated? what about FTBFS bugs? what about closed-source apps? (need to run apktool and see inside the contents to check for it, etc...)