-3

I have been doing lot of research on how to prevent people from accessing the manifest and layout files.

i know proguard is used for obfuscating code, but then it works only on Java code not on the res folder.

I have been through some answers like download content at run time instead of keeping them in assets and all that. But for now my concern is not to protect asset files. In my case it's manifest and the res folder I need to take care of. I have many types of keys stored in there like analytics xml file app_tracker.xml for example.

This isn't only about the secret keys I have in xml files, but also the logic of layout designing that is at risk.

These are the threads I found while I was doing research, but nothing was of any help to me.

1) How to avoid reverse engineering of an APK file?

2) How to protect a java application from reverse-engineering or code stealing?

I know reverse engineering cannot be avoided, but is there any way I can protect my manifest from being readable from hackers?

Community
  • 1
  • 1
Jolson Da Costa
  • 1,095
  • 1
  • 12
  • 31
  • 1
    *but is there any way i can protect my manifest from being readable from hackers* yes ... do not publish the app/source – Selvin Aug 09 '16 at 10:14
  • Great! your solution to this problem is close eyes and think everything is fine. – Jolson Da Costa Aug 09 '16 at 10:20
  • No ... you did close an eyes ... apk format is well defined(more or less zip) manifest format in apk is well defined (axml-binary xml) ... so obviously, only not publishing the apk is the way – Selvin Aug 09 '16 at 10:22

2 Answers2

1

You could take a look at DexGuard, which is the commercial variant of ProGuard. It allows you to also encrypt the layout files and obfuscate the content of the manifest and other resource files (together with many other things).

T. Neidhart
  • 6,060
  • 2
  • 15
  • 38
1

If a phone can parse the manifest in order to install the app, then a user can parse the manifest too. It's as simple as that.

On a side note, obfuscation doesn't prevent people from seeing what's in your app - it just gives you a false sense of security. The security model of your app should assume that anything contained in the apk is public knowledge.

Antimony
  • 37,781
  • 10
  • 100
  • 107
  • Sadly this is bad, what if i spend sleepless nights on developing an app and release it then and someone decompile it change the layouts make some other changes and upload it. Scary it is. – Zeeshan Shabbir Mar 05 '17 at 11:27