Android security for apk

Question

I'm developing an android application for my client. He wants me to submit the apk to him for testing. I almost finished the application and i want to implement some kind of security to make sure that my client doesn't cheat me, until the payment is done.

Is there any way to implement any kind of security in the code?

if u r toking about duplication problem then try this it may help u http://stackoverflow.com/questions/7717580/how-to-proect-apk-file-being-shared-with-other-people — Youddh, Mar 09 '13 at 07:00
Maybe what you want is answered [here](http://stackoverflow.com/questions/14255806/how-to-secure-android-apk-file-from-being-extracted) — Lokesh Mehra, Mar 09 '13 at 07:02
I think i can read all apk and their java code so it is not possible to hide from some one who have more than enough knowledge but it not always be similar as you code yes but it is understand able — Trikaldarshiii, Sep 01 '13 at 09:08
Obfuscate your code using Proguard level 5 . Sign the apk using a keystore and do not share the keystore to the client until he pays the money. Obfuscating with level 5 will ensure that the client is not able to read the code using reverse engineering — Arun, Nov 08 '13 at 05:18

score 1 · Answer 1 · edited May 23 '17 at 10:27

1

Did you ever hear of Proguard? This feature that you want is called Code obfuscation. Like pointed out in the comments, this is a duplicated question.

edited May 23 '17 at 10:27

Community

1
1

answered Mar 09 '13 at 07:04

PCoder

2,165
3
23
32

score 1 · Accepted Answer · answered Mar 09 '13 at 07:12

If you just need to send him/her the apk, you should obfuscate your source code . You can refer to this link——http://developer.android.com/tools/help/proguard.html，If you have finished it ,you needn't worry too much since the source code is in your hand and it's hard to get the source code by reserving. Besides your project has not finished . Last, even if your project is finished , it still works.

score 1 · Answer 3 · answered May 07 '15 at 15:40

This library on github called AndroidTimeLock might be useful. It's specifically designed for sending a dev/test build that will expire and stop working. Of course if the person in question is technical and determined they could decompile the app, remove the timelock check and recompile.

Adding code obfuscation proguard (or as I prefer the paid DexGuard) would of course increase the difficulty of this.

score 0 · Answer 4 · answered Sep 01 '13 at 07:27

0

You can make your core code builded a dex-format file.Then use some algorithms such as RC5 and others to encrypt your dex file.At last ,put the dex file in Asset file.Then when your project need the core code,you can dynmic loading/.

answered Sep 01 '13 at 07:27

agle

1
2

score 0 · Answer 5 · answered Jun 13 '20 at 11:52

0

I have compiled almost all security vulnerabilities and what measures to take before submitting your application to the play store. You can have a look here.

answered Jun 13 '20 at 11:52

Rehman Murad Ali

125
5

Android security for apk

5 Answers5