Cross-platform Protection Strategy
Protecting cross-platform applications built with .NET MAUI or Xamarin requires a thoughtful strategy that accounts for shared code, platform-specific code, and the unique challenges of each target platform.
Typical Project Structure
A typical cross-platform solution might look like this:
MyApp/
├── MyApp.Core/       # Shared business logic
├── MyApp.Models/     # Shared data models
├── MyApp.Services/   # Shared services
├── MyApp.UI/         # Shared UI components
├── MyApp.Android/    # Android-specific code
├── MyApp.iOS/        # iOS-specific code
└── MyApp.Tests/      # Test projects
Protection Strategy by Project Type
Core Projects (MyApp.Core, MyApp.Models, MyApp.Services)
These projects contain your most valuable business logic and should receive the strongest protection:
{
  "protections": {
    "rename": {
      "rename_public": false,
      "rename_arguments": true
    },
    "control_flow_advance": {
      "intensity": 8
    },
    "virtualization": {},
    "constants_encryption": {},
    "constants_mutation": {}
  }
}
UI Projects (MyApp.UI)
UI projects typically need less protection and should focus on maintaining compatibility:
{
  "protections": {
    "rename": {
      "rename_public": false,
      "rename_arguments": true
    },
    "constants_encryption": {}
  }
}
Platform-Specific Projects (MyApp.Android, MyApp.iOS)
These projects should use the standard mobile protections:
{
  "protections": {
    "rename": {
      "rename_public": false,
      "rename_arguments": true
    },
    "anti_jailbreak": {},
    "constants_encryption": {},
    "constants_mutation": {}
  }
}
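A CI-style check that each project's protection config matches the profile for its role, shown as an added example (not part of the protection tool or of this documentation). The role mapping by project-name suffix, the `lint` helper, and the sample configs are assumptions constructed for illustration; the protection names come from the profiles above.

```python
import json

# Protections each project role must enable, taken from the profiles on this page.
REQUIRED = {
    "core": {"rename", "control_flow_advance", "virtualization",
             "constants_encryption", "constants_mutation"},
    "ui": {"rename", "constants_encryption"},
    "platform": {"rename", "anti_jailbreak", "constants_encryption",
                 "constants_mutation"},
}

def role_for(project):
    """Map a project name to a role (assumed convention, based on the sample tree)."""
    suffix = project.rsplit(".", 1)[-1]
    if suffix in ("Android", "iOS"):
        return "platform"
    if suffix == "UI":
        return "ui"
    if suffix == "Tests":
        return None  # assumption: test projects are not protected
    return "core"

def lint(project, config_text):
    """Return a list of findings for one project's protection config."""
    role = role_for(project)
    if role is None:
        return []
    try:
        protections = json.loads(config_text).get("protections", {})
    except json.JSONDecodeError as exc:
        return [f"{project}: invalid JSON ({exc.msg})"]
    findings = [f"{project}: missing '{name}' for {role} project"
                for name in sorted(REQUIRED[role] - set(protections))]
    # Public APIs cross project boundaries; require the setting to be explicit
    # rather than relying on whatever the tool's default is.
    if protections.get("rename", {}).get("rename_public") is not False:
        findings.append(f"{project}: rename_public must be explicitly false")
    return findings

# Constructed samples: a core config missing virtualization, a UI config with
# rename_public flipped to true.
SAMPLES = {
    "MyApp.Core": '{"protections": {"rename": {"rename_public": false, "rename_arguments": true}, "control_flow_advance": {"intensity": 8}, "constants_encryption": {}, "constants_mutation": {}}}',
    "MyApp.UI": '{"protections": {"rename": {"rename_public": true}, "constants_encryption": {}}}',
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print("\n".join(lint(name, text)) or f"{name}: ok")
```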
Using Code Attributes
You can use the [Obfuscation] attribute to fine-tune protection at the type or member level:
using System.Reflection;

// Exclude a class from renaming
[Obfuscation(Exclude = false, Feature = "-rename")]
public class MyPublicClass { }

public class Worker // hypothetical containing class
{
    // Exclude a method from control flow protection
    [Obfuscation(Exclude = false, Feature = "-control_flow_advance")]
    public void PerformanceCriticalMethod() { }
}
Best Practices
- Start with core projects: Apply protection to shared libraries first
- Test incrementally: Test after protecting each project
- Preserve public interfaces: Avoid renaming public APIs used across project boundaries
- Use code attributes: Use [Obfuscation] attributes to fine-tune protection
- Test on all platforms: Verify protection works correctly on each target platform
For platform-specific considerations, see Mobile Considerations.