So… I am building a little benchmarking app and people will be able to send results to my web server.
If I have any success, and people being people, I anticipate that overly competitive users might hack their results for bragging rights of Facebook etc. So I have encrypted the communication, and I plan to obfuscate the code too (but not the benchmark loops, which are fragile enough as it is :-\ ).
However, I think I could hack that pretty easily. Lets say I wanted to attack the communication with the web server. All I need to do is decompile and search the obfuscated code for references to relevant classes from the Java APIs. Then I reverse engineer the little bit of the program that sends the message to the server, and now I can submit world-beating scores.
It seems almost futile. Do I need to obfuscate Java too?