Skip to content

Enhancing app security with Kotlin inline functions

Posted on:November 7, 2023

This is the first post about Kotlin skills, and we will discuss inline functions.

🤔 What are inline functions ?

In case you are familiar with inline functions in Kotlin, feel free to skip this chapter.

Inline functions are not exclusive to Kotlin. Simply put, when using an inline function, the compiler will directly insert the function code into the code of the calling function, rather than creating a separate function object for the parameter and making a call to it.

fun main() {
  check() { println("foo") }
}

inline fun check(action: () -> Unit) {
  println("begin")
  action()
  println("end")
}

Above is a inlined function named check, the compiler could emit the following code:

fun main() {
  println("begin")
  println("foo")
  println("end")
}

The reason for doing these is to improve performance by avoiding the creation of objects by these higher-order functions.

👍 Why can it enhance app security ?

Not inlining functions makes it easier for hackers to analyze their parameters and returns, potentially leading them to make assumptions about their purpose.

By inlining certain sensitive functions, such as a paywall function, the compiler will copy it into each code of the caller, regardless of how many times it is called. This approach offers two advantages:

  1. It makes it more challenging for hackers to identify the paywall function.
  2. It prevents hackers from easily editing the paywall function once to remove all paywalls.

There is no guarantee of achieving 100% security, but it is indeed possible to increase the difficulty of hacking.

🙏