Debugging with confidence: Data Management and Code Privacy in the Kotzilla Platform

Modern Kotlin apps, whether they target Android or are built with Kotlin Multiplatform (KMP) and Compose Multiplatform (CMP) are composed of dozens (or hundreds) of modules. Each one contains components such as ViewModels, Repositories, Services, and screens that interact across feature boundaries, scopes, threads, and now platforms.

As your architecture scales, so does the risk of hidden performance issues, crashes, or subtle bugs that only surface on specific devices or targets in production.

The Kotzilla Platform is built to give Kotlin developers using the Koin framework a clear, high-fidelity view of what's really happening in your apps at runtime, across every supported target, without requiring access to your implementation logic or user data.

In this article, we'll break down exactly what the platform collects, how it handles data, and why your code remains private and secure whether you're debugging locally, in production, or through the Kotzilla MCP Server from your AI coding assistant.

What the Kotzilla Platform does

The Kotzilla Platform is composed of four components:

• The Kotzilla SDK: a built-in instrumentation library that monitors your app's components (ViewModels, Activities, Compose Navigation) and their dependencies across threads, lifecycles, and targets in real time. It supports Android, KMP and CMP projects with the same setup.
• The Kotzilla Console: analyses the captured signals server-side and provides graphical views to help you investigate performance issues and crashes, enabling fast root cause analysis and efficient resolution.
• The Koin IDE Plugin: helps visualise your Koin configuration and navigate the dependency graph in Android Studio or IntelliJ, and also connects server-side to help you investigate performance issues and crashes inside your development environment.
• The Kotzilla MCP Server: exposes those insights to AI coding assistants (Claude, Cursor, and others), so you can query your app's runtime behavior and apply fixes from inside your IDE.

The SDK collects the data that helps you detect issues like:

• Component resolution blocking the main or background threads
• Inefficient component dependency trees
• Repeated or excessive instantiations
• UI lifecycle delays
• Slow rendering of Activity, Fragment, and Compose Navigation screens
• ANRs and crashes, with full Kotlin stack traces on all targets in KMP/CMP projects

The SDK works in the background without requiring manual traces or code modifications. It operates in both development and production environments and is tightly integrated with Koin, using its container as a signal source.

What the SDK captures

The Kotzilla SDK collects technical metadata about how your components and dependencies behave at runtime. This includes:

Component & dependency structure

• Component type, scope, and instantiation patterns
• Injection relationships and dynamic resolution paths
• Full component tree per session

Lifecycle & performance metrics

• Creation time for each component or dependency
• Call frequency and resolution depth
• Thread usage during resolution
• UI lifecycle tracking for Activities, Fragments, and Compose Navigation screens
• Screen rendering times and ANR detection across all targets

Crash data

• Crash type and timing
• Stack traces with frame origins, including iOS crashes in KMP/CMP projects

Version-aware metrics

• Data segmented by app version and version code
• Performance comparisons across releases
• Issue tracking scoped to affected sessions only

This gives your team precise visibility into the runtime characteristics of your app, across every target, without requiring manual tracing.

What the SDK doesn’t capture

To be explicit, here’s what the Kotzilla SDK does not collect:

Code Privacy in Production

Obfuscated by default

In release builds, all class and method names are obfuscated by tools like R8 or ProGuard. To map the obfuscated names back to the original ones in the Console, you upload a mapping file. Mapping files are managed by the Kotzilla Gradle plugin and uploaded only if you opt in. You stay in full control of what is shared.

iOS crash symbolication

On iOS, the same principle applies. Crashes are captured on-device with PLCrashReporter and stored as raw addresses by default. To get readable Kotlin stack traces in the Console, you upload your dSYM file with the setupKotzillaXcode script. As with Android mapping files, dSYM upload is opt-in and entirely under your control.

Security and Compliance

The Kotzilla Platform meets modern security and data protection requirements:

• All communication is encrypted via HTTPS
• SDK access is scoped by API keys and tokens
• No PII or user-specific data is collected
• Fully GDPR-compliant

Kotzilla MCP Server: Data Management

The Kotzilla MCP Server connects the Kotzilla Platform to AI coding assistants (Claude, Cursor, and others). It allows developers to query their app's performance data and get AI-assisted remediation guidance without leaving their IDE.

Tools exposed

The MCP Server exposes three categories of tools:

• Read-only queries: return performance metrics, issue context, dependency resolution trees, screen-level performance, and platform activity summaries derived from your app's runtime data.
• Static knowledge base: returns fix patterns, checklists, and SDK setup instructions. No user data is involved.
• Write operations: limited to platform configuration (creating an app entry and generating its SDK configuration). No analysis or user data is written back to the platform.

For the complete and current list of tools, see the Kotzilla MCP Server reference.

What data transits

• Performance metrics: resolution times, thread info, session counts
• Structural data: component class names, dependency graphs, Koin module structure
• Issue metadata: type, severity, affected versions

What does NOT transit

• No PII or end-user data
• No source code
• No credentials or tokens in the payload (auth is handled separately)
• No data is written back to the platform beyond app configuration

Security and data ownership

• Org-scoped access: the MCP Server authenticates against the user's Kotzilla organization. Each user can only query apps belonging to their org.
• No AI training: no customer data is used to train any model. Data served by the MCP Server is consumed by the LLM for the current session only.
• Kotzilla-owned data only: all data exposed through the MCP Server is produced by Kotzilla's proprietary analysis algorithms. It is derived from SDK instrumentation, not raw user data.

Summary

The Kotzilla Platform gives you deep runtime visibility into how your Kotlin app's components behave, across every Android and Kotlin Multiplatform target, without compromising code privacy.

It captures technical metadata, not business logic, to identify issues related to component or dependency resolution delays, thread misuse, slow screens and crashes. In production, class and method names are obfuscated by default, and mapping file and dSYM upload are entirely under your control.

The Kotzilla MCP Server brings the same insights into your AI coding assistant, with org-scoped access, no AI training on customer data, and no source code or PII in transit.

With secure, encrypted communication and zero user data collection, the platform is built to support high-trust environments from early development to post-release debugging and AI-assisted remediation.

If you're maintaining a large Kotlin or Kotlin Multiplatform codebase, you are using Koin, and you need actionable insights without exposing sensitive logic, the Kotzilla Platform is built for that job.