Konstantin Zolotov

Senior Android Engineer @ Bumble

Talk Title

Bytecode analysis for everyone!


Salle 2.04




10:30 > 45 min


on Twitter

Analysing bytecode is an underestimated tool that provides value to us as developers and business that other tools can't:

- We can verify that the compiled binary going to production doesn't contain debug code
- It allows us to check that obfuscation is working as intended
- By comparing APKs/AABs we can understand how changes in source code affect the compiled binary (e.g.: “why is my DEX file growing?”)

Diving into the depths bytecode can feel daunting, and even mastering the skill, manual processes don't scale well to the entire team.

But what if I told you that it's possible to build an automated bytecode analyzer and it is easier than you would expect?

In this session:
- We'll discuss how to utilise existing open source libraries to build automated bytecode analysis in your CI pipeline
- I'll show you the basic building blocks: how to parse bytecode and deobfuscate it.
- I'll also share how to build a tool that makes the difference between two builds obvious using those blocks.

Come to this talk to learn how to harness the hidden power of the tools we use every day!

Speaker Bio

Got into Android by rooting, patching and flashing custom firmwares somewhen around Android Gingerbread.
Worked in product teams since 2014 and joined a core team at Bumble in 2022 to make other developers happy.