So I recently tested disassembling one of my Android apps, and to my horror I discovered that the code was quite readable. Even worse, all my variable names were intact! I thought that those would be compressed to something unreadable at compile time. The app is triggered to expire after a certain time. However, now it was trivial for me to find my function named checkIfExpired() and find the variable "expired". Is there any good way of making it harder for a potential hacker to mess with my app?

Before someone states the obvious: Yes, it is security through obscurity. But obviously this is my only option since the user will always have access to all my code. This is the same for all apps. The details of my deactivation-thingy are unimportant; the point is that I don't want a disassembler to understand some of the things I do.

Side questions: Why are the variable names not compressed? Could it be the case that my program would run faster if I stopped using really long variable names, as is my habit?

+3  A: 

An obfuscator is the best solution.

Here's one I haven't actually tried but looks promising: http://proguard.sourceforge.net/FAQ.html#android

ProGuard is a free Java class file shrinker, optimizer, obfuscator, and preverifier. It detects and removes unused classes, fields, methods, and attributes. It optimizes bytecode and removes unused instructions. It renames the remaining classes, fields, and methods using short meaningless names. Finally, it preverifies the processed code for Java 6 or for Java Micro Edition.

Brad Hein
I will really have to look into this. If the "de-obfuscating" of stack traces works, then this might be it! Do you have any experience using this for Android yourself?
sandis
Unfortunately I don't have experience using ProGuard. They do include specific Android examples, however. I look forward to using this with my next app release at the end of the month.
Brad Hein
A: 

ProGuard is pretty much everything you need.
I'm using it for all my apps and it works great, reducing app size by ~30% as a side effect.
Problem is, I had to write a custom bash build script, as you can't plug ProGuard into the existing Android Ant build process. Probably should get a blog and write about it. :)

alex
If you do, I'll subscribe to your blog :)
Brad Hein
and I would be your second subscriber :)
sandis
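
A ProGuard configuration of the kind both answers point to, added here as an example; it is not from the thread or from the posters' own builds. The jar paths, the `android-N` platform directory and the file names are placeholders.

```proguard
# Constructed example: paths and file names below are placeholders.
-injars      bin/classes
-outjars     bin/classes-obfuscated.jar
-libraryjars /path/to/android-sdk/platforms/android-N/android.jar

# Dalvik does not use Java preverification.
-dontpreverify
-dontusemixedcaseclassnames
-optimizationpasses 5
# Move all renamed classes into the root package, hiding the package layout.
-repackageclasses ''

# Keep only names the framework looks up by string (AndroidManifest.xml,
# layout XML, JNI). Everything else, including a method such as the
# question's checkIfExpired() and its "expired" field, is renamed to a, b, c...
-keep public class * extends android.app.Activity
-keep public class * extends android.app.Application
-keep public class * extends android.app.Service
-keep public class * extends android.content.BroadcastReceiver
-keep public class * extends android.content.ContentProvider

# Custom views inflated from layout XML need their constructors.
-keepclasseswithmembers class * {
    public <init>(android.content.Context, android.util.AttributeSet);
}
-keepclasseswithmembernames class * {
    native <methods>;
}
-keepclassmembers enum * {
    public static **[] values();
    public static ** valueOf(java.lang.String);
}
-keep class * implements android.os.Parcelable {
    public static final android.os.Parcelable$Creator *;
}

# Stack traces: keep line numbers, hide real source file names, and write
# the name mapping that ProGuard's ReTrace tool uses to restore a trace.
-renamesourcefileattribute SourceFile
-keepattributes SourceFile,LineNumberTable
-printmapping proguard-mapping.txt

# ProGuard renames identifiers only: string literals and the logic of the
# expiry check stay readable in the output.
```

Archive `proguard-mapping.txt` with every release and keep it out of the APK, since it is what turns an obfuscated stack trace back into the original names.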