Login/Register
Protecting Android apk to prevent decompilation, network sniffing etc
Asked Answered
Solved androidsecurityobfuscationnetwork-monitoring
R

1

2

Is there a way to protect Android apk file so that the source code cannot be regenerated? Also, there are a number of network sniffers that allow HTTP monitoring, is there a way to bypass these such that the incoming/outgoing network traffic could not be monitored?

I have read that code obfuscation, to some extent, is possible using SourceForge's Proguard(Reference).

What are other alternatives that I can look into?

Please advise.

Thanks.

Reseau answered 31/12, 2010 at 8:57 Comment(0)
M
8
  1. You can use an obfuscator to obfuscate the object code, which makes it harder to decompile (at least with an automatic decompiler). No amount of obfuscation can totally prevent manual decompilation.
  2. Use HTTPS to prevent sniffing. Simple!
Mascagni answered 31/12, 2010 at 8:59 Comment(6)
What if HTTPS is not always possible(for performance reasons - streaming live content say)?Reseau
@Reseau Then you'd have to ask yourself if what you're doing should be done on a mobile device; if something needs to be that secure (as you're implying) then why are you opening it up to the public via the web and mobile devices?Grub
Apart from obfuscation the following post suggests that sensitive code could be implemented in native code and then we can ensure that the native code is called ONLY by our app by matching the digital signatures. digital-identity.dk/2010/12/…Reseau
@Samuh: It raises the bar a little, but in the end, a skilled reverse engineer can still get at your program. Just keep that in mind.Mascagni
Similar discussion:groups.google.com/group/android-developers/browse_thread/thread/…Reseau
@CJY: Agreed. Thanks for your time and reply. Wishing you a very happy new year! :)Reseau

© 2022 - 2024 — McMap. All rights reserved.