Mobile application security, especially time spent on applying it, is often seen as a necessary evil. Security tools that are actually effective require additional configuration efforts, and that doesn't always line up with the skillset needed to build great mobile apps. To optimize apps for performance, another set of manual processes is required to configure the build tools. On top of that, even when developers manage to configure these tools, app security and performance improvements are not always guaranteed nor noticeable by the end users. What if the skillset required for using these protection tools would overlap with regular app development skills? What if using these tools would actually remove some of the manual work required to optimise your application and save you time? In this talk we will show how this is now a reality! Attendees will have the following take-aways: * A brief overview of advanced R8 optimisation features and the effort that goes into using them correctly. * Insight in the concept of profile based optimisations, its shared benefits for application protection and the amount of manual work it can prevent. * A demo show-casing how easy it can be to run through a profile based configuration step. Practical and concrete examples of the non-security related benefits of a profile based configuration approach, e.g. automatic R8 baseline profiles, auto-generated keep-rules tailored to your code, order files to speed up native code loading, additional app size reductions beyond R8

In the world of Android development, the journey of Kotlin or Java source code to Dalvik bytecode is anything but straightforward. However, as with any complex system, this translation process can introduce quirks or unexpected behaviors leading to challenging debugging sessions. In this session, we’ll take a deep dive into how Java and Kotlin code ultimately becomes Dalvik bytecode. This transformation process can have some quirks introduced by the various tools involved in this process. Improving your understanding of these transformations can help tracking down complex problems related to them. Through the lens of our own experience developing a recompiler for Dalvik bytecode, we’ll share real-world examples of unexpected behaviors we encountered. The goal of this session is to arm you with a deeper understanding of the tools related to these translations in the Android ecosystem and practical ways to handle debugging issues related to them. As a sneak peek, here's an example of quirks we'll cover in this session: - When building an Android application, you compile against classes that might not be present on the device it's running on due to the difference in Android version. This can cause an invocation of a method call to fail after it is called through reflection, even though the regular invocation would succeed on that device. - The Android Runtime uses just-in-time compilation that compiles the Dalvik bytecode to machine code. We'll cover a bug we encountered in this compilation process, and share useful tools for diagnosing whether just-in-time compilation is the culprit of an issue you are debugging.