Secret Obfuscation

Most applications need to store secrets inside the app, and there are several ways to store a secret, each with different security requirements. With most of these methods it is fairly easy to extract the intended information from the APK, even if it is obfuscated. To ensure secrets cannot be "de-obfuscated", they must be encrypted within the APK and decrypted at runtime.

MPS encrypts your secrets in a compiled native library that is decrypted at runtime and provides methods to obtain the protected secret values. Even after decryption, the secrets in the native library are still obfuscated to make runtime analysis of the app harder and prevent secret extraction.

Tools exist that extract secrets from APKs and facilitate analysis of the app to recover endpoints, API keys, etc., such as: https://github.com/dwisiswant0/apkleaks

Such tools will not work with MPS-protected secrets, since the secrets are obfuscated and then encrypted (and stay obfuscated in memory after decryption), so they require much more work and time to exploit.
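A release-gate check for your own build, in the spirit of the pattern scanners mentioned above. This is an added example, not MPS or apkleaks code. It shows that a hard-coded key is found in plain form and also when it is merely Base64-encoded, while opaque bytes yield nothing. The two rules, the entry names, the fake key values and the ciphertext stand-in are all constructed for illustration and say nothing about the MPS file format.

```python
import base64
import io
import re
import zipfile

# Two well-known key shapes; a real gate would carry a fuller rule set.
RULES = {
    "google_api_key": re.compile(rb"AIza[0-9A-Za-z_\-]{35}"),
    "aws_access_key_id": re.compile(rb"AKIA[0-9A-Z]{16}"),
}
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{24,}={0,2}")

def match_rules(data):
    return {name for name, rx in RULES.items() if rx.search(data)}

def scan_apk(apk_bytes):
    """Return sorted (entry, rule, encoding) findings for an APK held in memory."""
    findings = set()
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for entry in apk.namelist():
            data = apk.read(entry)
            findings |= {(entry, rule, "plain") for rule in match_rules(data)}
            # Base64 is an encoding, not encryption: decode each run and rescan.
            for run in B64_RUN.findall(data):
                try:
                    decoded = base64.b64decode(run + b"=" * (-len(run) % 4))
                except ValueError:  # binascii.Error subclasses ValueError
                    continue
                findings |= {(entry, rule, "base64") for rule in match_rules(decoded)}
    return sorted(findings)

def build_sample_apk():
    """Constructed APK-like zip; both key values are fake."""
    fake_google = b"AIza" + b"X" * 35
    fake_aws = b"AKIA" + b"Q" * 16
    opaque = bytes(0x80 | (i * 37 % 128) for i in range(256))  # ciphertext stand-in
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("classes.dex", b"dex\n035\x00" + fake_google + b"\x00")
        z.writestr("res/raw/config.txt", b"token=" + base64.b64encode(fake_aws) + b"\n")
        z.writestr("lib/arm64-v8a/libprotected.so", opaque)
    return buf.getvalue()

if __name__ == "__main__":
    for finding in scan_apk(build_sample_apk()):
        print(finding)
```

Run against a release build, an empty result from a check like this only means no rule matched; it does not show that a secret is protected.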