How do I encrypt or hide my api url in android?

Question

I am working on a client server application in which I have an API from my server which sends me response in JSON.

If somehow anyone tries to extract my code from the apk. I do not want to let him know my API. What are the steps should I use to encrypt it? Any specific way or some encrypt algo.

How do I hide this api in my code:

http://www.androidhive.info/2012/01/android-json-parsing-tutorial/

Database ? any rooted device can read DB and even many app available to change DB run time from phone — MilapTank, Mar 26 '14 at 05:42
@raj for inserting link in database you should have that link in your code then how can it would be encrypted? — yuva ツ, Mar 26 '14 at 05:43
Follow the Below link https://stackoverflow.com/questions/46816825/how-to-hide-api-url-and-parameters-in-android-app/47942035#47942035 It works! — Pavan Pyati, Mar 05 '18 at 07:33

score 0 · Answer 1 · answered Mar 26 '14 at 05:40

0

You can store your link in string.xml file example-

<resources>

    <string name="app_name">MYAPP</string>
    <string name="myurl">http://www.google.com</string>

</resources>

& access it in activity as

  getString(R.string.myurl);

it's working at my side.

answered Mar 26 '14 at 05:40

yuva ツ

3,707
9
50
78

4

using tool i can read XML files and String extractor tools available – MilapTank Mar 26 '14 at 05:46
@milaptank Please can you share how string.xml file can be extracted while encrypting apk file for my knowledge – yuva ツ Mar 26 '14 at 05:51
using apkanalyser tool you can extract all your XML file of apk even layout XML also :) – MilapTank Mar 26 '14 at 05:56
I just change apk extention to .zip I can see all the resources – Dayanand Waghmare Sep 13 '16 at 09:49
still u can see by decompiling it – Ravindra Bagale Feb 13 '18 at 08:35
the url will be displayed when you decomplied apk – karan May 02 '23 at 11:45

score 0 · Answer 2 · answered Mar 26 '14 at 06:00

0

use function

public String getUrl()
{
    String url = "http://api.androidhive.info/contacts/";

    return url;
}

if you have any argument than pass that arg in function arg if you have multiple urls than you can use switch case

    // switch (URL_type) {
    // case BASE_URL:
    // return baseUrl = "http://api.androidhive.info/contacts/";
    // break;
    //
    // default:
    // break;
    // }

any tool that decompile java file than its only show function name not function code

Use proguard-project to protect your APK see documentation

answered Mar 26 '14 at 06:00

MilapTank

9,988
7
38
53

I tired using proguard and got this error. Can you solve this? http://stackoverflow.com/questions/22498111/proguard-error-android-unable-to-access-jar-file/22646688?noredirect=1#22646688 – WISHY Mar 26 '14 at 06:06
see this links http://viralpatel.net/blogs/protect-java-code-decompilation-using-java-obfuscator/ https://java.net/projects/shield4j/pages/Home – MilapTank Mar 26 '14 at 06:12
milapTank have you tried this ? are you sure ? it will work ? – Developine Apr 21 '16 at 12:23
@HammadTariqSahi once i have tried decompile at that time i am not able to retrieve function code but still i am in search of String encrypt – MilapTank Apr 21 '16 at 13:22
Hey @HammadTariqSahi i found this `https://gist.github.com/milaptank/25de743c6417a3ccb4da9ca35748fbcc` . Is it help us ?? – MilapTank Apr 23 '16 at 05:41

How do I encrypt or hide my api url in android?

2 Answers2