0

My android app interacts with a server on my local machine. The machine's IP is in the app. Can someone view the IP by getting inside the APK?

kurious
  • 1,024
  • 10
  • 29
  • if the ip address is written in plain, then yes, pretty obvious, that's if they get into your apk, and have time to go through it.. – Elltz Apr 11 '15 at 01:10
  • 2
    Even if you can protect the user from seeing the IP in the application's resources, you can't guarantee that the user can't sniff the network traffic. If a user's device is contacting your server, then the user can see that. And they can see the details of that contact. Why do you want to prevent this, anyway? – David Apr 11 '15 at 01:15
  • Thank you Elltz and David. I'm prototyping my app and want to get it out there for feedback. I understand running a server on my local computer is risky. I just don't want to get too deep into security (without being utterly reckless). I'm slightly concerned about people doing nasty stuff to the computer or network after getting hold of the IP. – kurious Apr 11 '15 at 01:26
  • What David brought to light is far MORE likely – Petro Apr 11 '15 at 01:30

2 Answers2

2

Yes android apk are easily extracted, and all of the code is shown. You can use something called ProGuard, to hide your code. http://developer.android.com/tools/help/proguard.html

Arlind Hajredinaj
  • 8,380
  • 3
  • 30
  • 45
1

If someone goes through these steps: Is there a way to get the source code from an APK file?

Then looks for an IP, then YES they can.

Community
  • 1
  • 1
Petro
  • 3,484
  • 3
  • 32
  • 59