I'm interested in finding out what you guys are implenting to protect your apps from decompilation of jar files. I've read a lot about obfuscation in forums and other material.
But the main problem is obfuscation does not help with strings. In my app I trade XML between app and the server. It also has a user/pass. How do I protect this from hackers trying to decompile it?