See it in a decompiler

Open the original APK in a decompiler like jadx and your classes, methods and strings are all visible.

Open the protected build and you'll see only the bootstrap loader stub. The original DEX is AES-256-GCM encrypted and loaded only in memory at runtime, so your classes aren't there.

With string/code obfuscation on, remaining literals and control flow are obfuscated too.

On every build we measure the share of classes packed behind the bootstrap shell and the encrypted-payload entropy — and, as above, you can always confirm the result yourself in a decompiler.

Honest scope: code is decrypted in memory at runtime. This makes static analysis impractical, and runtime extraction is countered together with RASP.