
I develop an Android app, and some of the code is very private and confidential. I put an encryption algorithm into my code to increase its safety.

But recently I read that when people have an .apk file, they can extract the Java source code, 100% correct (Source).

Not just that, people can also get the .apk from the Google Play Store (Source).

Does it mean that people who have my .apk can view all my source code (Java, .xml layouts, libraries)? If yes, all my hard work to have a secure app has achieved nothing.

nani
  • Maybe you should consider making your app secure rather than trying to prevent people from seeing your source code. Do you have sensitive credentials hard-coded in the application? Or is it that you don't want people to copy your layouts? Because someone could just try to recreate your application without even looking at the source code. – Dave Chen Jan 07 '17 at 03:11
  • I put in an encryption function which involves proprietary SCSI command codes. It must not be seen by other people. It's fine if the app is recreated, but if a proprietary command is leaked, it is dangerous to me. Yes, I should make my app more secure after this. – nani Jan 07 '17 at 03:34

2 Answers


Yes, hopefully there is a way of preventing others from getting the full source code of your hard-won project. Enable ProGuard for your Android application. Ant will call ProGuard to obfuscate your code. Your code will then be shrunk as much as possible. Many function and variable names will be replaced with shortened forms that nobody can decode or understand at all :)

More details are here: https://developer.android.com/studio/build/shrink-code.html

Note that enabling ProGuard makes the build take much longer than a normal build, so it is better to do it before the release of your app.

Fahim Al Mahmud Ashik

The process is called Android reverse engineering. As @ash12 said, you can use ProGuard to obfuscate your source code. But then it will be a serious security compromise if you store your app credentials, like API tokens, passwords, etc., in the source.

Also, you could take a look at DexGuard, which is the commercial variant of ProGuard. It allows you to also encrypt the layout files and obfuscate the content of the manifest and other resource files (together with many other things).

Aswin Arshad
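A pre-release check that follows from the answers above, as an added example that is not code from either answer: ProGuard renames classes and methods, but string literals stay readable in the dex files, so this scans an APK for credential-like strings before it ships. The patterns, function names and the sample APK are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# Assumed patterns for this example; tune them to the secrets your project uses.
SECRET_PATTERNS = {
    "api_key_assignment": re.compile(
        rb"(?i)(api[_-]?key|token|passw(or)?d|secret)\s*[=:]\s*\S{6,}"),
    "pem_private_key": re.compile(rb"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
}
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{6,}")  # same idea as the `strings` tool


def scan_apk(apk_bytes):
    """Return (entry, rule, matched string) for every hit in the APK's dex files."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for name in apk.namelist():
            # Compiled Java/Kotlin code lives in classes.dex, classes2.dex, ...
            if not re.fullmatch(r"classes\d*\.dex", name):
                continue
            data = apk.read(name)
            for run in PRINTABLE_RUN.finditer(data):
                for rule, pattern in SECRET_PATTERNS.items():
                    if pattern.search(run.group()):
                        findings.append((name, rule, run.group().decode("ascii")))
    return findings


def build_sample_apk():
    """Constructed stand-in for a release APK (a zip with a fake, not valid, dex blob)."""
    dex = (
        b"dex\n035\x00" + b"\x00" * 16
        + b"La/b;\x00"                              # class name after renaming
        + b"a\x00"                                  # method name after renaming
        + b"api_key=CONSTRUCTED-EXAMPLE-0001\x00"   # string literal, kept verbatim
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", b"\x03\x00\x08\x00")
        z.writestr("classes.dex", dex)
    return buf.getvalue()


if __name__ == "__main__":
    for entry, rule, text in scan_apk(build_sample_apk()):
        print(f"{entry}: {rule}: {text}")
```

Run against a real build by passing the bytes of the release .apk to `scan_apk`; any hit is a value that belongs on a server or in a key store rather than in the package.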