
I read this regarding how to extract code from apk.

I am really confused about how other apps ensure security. I have a website. In it, I have written all the queries in PHP. So there is no way to get my queries unless they compromise my server.

In the case of an Android app, I will have to write all the queries and connection details in Java. So when they are able to get the code from the APK, they can get my credentials. Isn't that so?

How do other apps work? If I have understood this wrongly, please help me to understand.

Gibbs
  • Check out my answer on a similar question: [hiding strings in Obfuscated code](http://stackoverflow.com/questions/4427238/hiding-strings-in-obfuscated-code/39856033#39856033) – Efra Espada Nov 17 '16 at 16:50

3 Answers

> So when they are able to get the code from the APK, they can get my credentials. Isn't that so?

Yes. If your app contains secrets and you distribute it to your customer, you customer has the secret.

Whilst you can obscure the secret using obfuscation tools like ProGuard, this will be of limited effectiveness against all but the most casual attacker.

> How do other apps work?

Usually, the client-side app makes a connection to a front-end application on your server. The application server does its own identity management, connects to the database, and performs whatever limited range of operations the application allows for each user.

The application server is typically accessed using some kind of web services. You can re-use your PHP code here; the client app is then effectively just a convenient interface to making HTTP calls against your existing web site.

bobince
  • Thanks. Do you mean REST like thing? Get JSON response from server and manipulate it at android front end side?? – Gibbs Apr 03 '16 at 16:00
  • Yes, REST and JSON, with some kind of account authentication step for non-public resources, would be typical. – bobince Apr 04 '16 at 21:30
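As an added illustration of the design bobince describes (this is example code, not from the question, the answers, or any project mentioned): a minimal "front-end application server" in which the database credentials and every SQL statement live on the server, the server authenticates the caller and binds the caller's identity into each query, and the client can only name one of a few fixed actions. The table contents, user ids, `SERVER_SECRET` and `DB_CREDENTIALS` values are constructed sample data, SQLite in memory stands in for the real database, and `handle_request()` is the hypothetical function a PHP or other HTTP front end would call once it has parsed the JSON body.

```python
"""
Added example: an application server that keeps all secrets server-side.
The Android client only ever sends {"token": "...", "action": "..."} over
HTTPS; it never sees a connection string or a query, so a decompiled APK
yields nothing beyond the public API shape.
"""
import hashlib
import hmac
import sqlite3

# Secret that never leaves the server. In production it comes from the
# environment or a secrets store, not a source file (constructed sample value).
SERVER_SECRET = b"constructed-server-side-secret"

# Server-side only; shown to make the point that the client never receives it.
DB_CREDENTIALS = {"host": "db.internal", "user": "app", "password": "sample-db-password"}


def open_db():
    """Server-side DB connection. SQLite in memory stands in for the real DB."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users  (id INTEGER PRIMARY KEY, name TEXT);
        CREATE TABLE orders (id INTEGER PRIMARY KEY, user_id INTEGER, item TEXT);
        INSERT INTO users  VALUES (1, 'alice'), (2, 'bob');
        INSERT INTO orders VALUES (10, 1, 'book'), (11, 1, 'pen'), (12, 2, 'lamp');
    """)
    return conn


def issue_token(user_id):
    """Session token = user id plus an HMAC tag. Only the server can mint one,
    because only the server holds SERVER_SECRET. Issued after a login step."""
    tag = hmac.new(SERVER_SECRET, str(user_id).encode(), hashlib.sha256).hexdigest()
    return f"{user_id}.{tag}"


def verify_token(token):
    """Return the authenticated user id, or None if the token is missing,
    malformed or forged. compare_digest avoids a timing side channel."""
    try:
        user_part, tag = token.split(".", 1)
        user_id = int(user_part)
    except (ValueError, AttributeError):
        return None
    expected = hmac.new(SERVER_SECRET, str(user_id).encode(), hashlib.sha256).hexdigest()
    return user_id if hmac.compare_digest(tag, expected) else None


# The only operations the API exposes. Each is a fixed, parameterised statement
# scoped to the authenticated user: the client cannot choose tables, columns or
# another user's rows, so stealing the client reveals nothing the user could not
# already see.
ACTIONS = {
    "list_orders": "SELECT id, item FROM orders WHERE user_id = ? ORDER BY id",
    "count_orders": "SELECT COUNT(*) FROM orders WHERE user_id = ?",
}


def handle_request(conn, req):
    """Process one parsed JSON request (a dict) and return a response dict.
    The HTTP layer (PHP, Flask, ...) would json.loads/json.dumps around this."""
    user_id = verify_token(req.get("token"))
    if user_id is None:
        return {"status": 401, "error": "not authenticated"}
    sql = ACTIONS.get(req.get("action"))
    if sql is None:
        # Raw SQL from the client is never accepted; only a known action name.
        return {"status": 400, "error": "unknown action"}
    rows = conn.execute(sql, (user_id,)).fetchall()  # user id bound server-side
    return {"status": 200, "result": rows}


if __name__ == "__main__":
    db = open_db()
    alice = issue_token(1)
    print(handle_request(db, {"token": alice, "action": "list_orders"}))
    print(handle_request(db, {"token": "1.forged", "action": "list_orders"}))
    print(handle_request(db, {"token": alice, "action": "DROP TABLE users"}))
```

The two properties worth checking against this layout are that a request without a valid server-issued token gets nothing, and that even a valid caller can only run the whitelisted, user-scoped statements. Obfuscating the client changes neither property; moving the queries and credentials behind the server does.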

Android has a feature, ProGuard. ProGuard converts all String and const values into obfuscated code. It also removes unused files. So by using ProGuard, you get two benefits. First, you get code security. Second, the APK size is reduced to 25%.

Himanshu Shekher Jha

Save your queries in res/string.xml file and use Proguard. Do not write queries in Java, just use the string in string.xml as query.

halfer
erluxman