What types of applications should be obfuscated?
Anyone developing Java applications where the source code is not publicly available or there is private information embedded inside the code should obfuscate. One argument we have heard is that “we are writing corporate-wide software, so we don’t need to obfuscate”. Assuming the company provides all employees access to the source code for that application, then this is true. But, if not, whoever has access to the application can easily reverse engineer the source code with a freely available tool or an online web submission. If you have any information such as SQL, username/passwords, proprietary business logic etc. inside the application it can be easily obtained. In addition, applications that have a networked/distributed component, browser based, or written for J2ME will clearly benefit from compaction.
