Funnily enough, I've seen much stronger obfuscation from reverse engineering from my cheap Tuya IoT devices app than from my bank app.
https://github.com/frida/frida
With Frida, you write JavaScript programs and then inject them into arbitrary processes, to hook and modify and call whatever you please.
It gets a lot of use in the reverse engineering and vulnerability research communities, but has broader scope too.
For instance, I used it recently to automate the UI of a video production program on Windows, by sending window messages to the main message loop from an injected thread, and hooking into various system dialog functions to override them.
> ...It’s a dynamic code instrumentation toolkit. It lets you inject snippets of JavaScript or your own library into native apps on Windows, macOS, GNU/Linux, iOS, Android, and QNX.
> ...Frida’s core is written in C and injects QuickJS into the target processes, where your JS gets executed with full access to memory, hooking functions and even calling native functions inside the process.
> There’s a bi-directional communication channel that is used to talk between your app and the JS running inside the target process.
Here's a description of the architecture:
https://frida.re/docs/hacking/
And the source:
https://github.com/frida/frida
---
Apparently using "wxWindows Library Licence, Version 3.1":
> This is essentially the LGPL, with an exception stating that derived works in binary form may be distributed on the user's own terms. This is a solution that satisfies those who wish to produce GPL'ed software using Frida, and also those producing proprietary software.
Try, for example, to disassemble Facebook's APK or disable pinning via FRIDA (https://github.com/frida/frida). It's not exactly easy, and with frequent releases, it's a moving target.