How to prevent android app to decode?

Question

Anybody help me to how to hide Api web service link in android apk like i made android app but someone decode my app and get API WEB service but i dont want someone see my WebAPi

score 3 · Answer 1 · answered Jul 19 '17 at 10:00

When it comes to hardcoded Strings in either Java classes or xml files, it is quite difficult to protect against since Proguard or similar obfuscation methods don't obfuscate hardcoded Strings.

You could encrypt the String you want to protect, one of many links to how this can be done is here: How to encrypt and decrypt String with my passphrase in Java (Pc not mobile platform)?

However it is very important to note that your encryption key would also have to be stored in your application.

In the end, you can only make it more difficult (time-consuming) for the person decoding your app.

score 2 · Answer 2 · answered Jul 19 '17 at 10:27

1.) Use Proguard to secure your apk

https://developer.android.com/studio/build/shrink-code.html

Proguard is free Java class file shrinker, optimizer, obfuscator, and preverifier. It detects and removes unused classes, fields, methods, and attributes. It optimizes bytecode and removes unused instructions. It renames the remaining classes, fields, and methods using short meaningless names.

2.) Add Auth token or secret password on web API headers. So that only authorize request will be validated.

3.) You can encrypt and add salt on any hardcoded strings.

adding salt and append it on string, and store it on db or preference to make it more secure

Hope it helps.. :)

score 1 · Answer 3 · answered Jul 19 '17 at 10:13

1

you can prevent your code using proguard in you project's proguard-project file write as follows

  -keep class com.myProject.package.** { *; }

answered Jul 19 '17 at 10:13

Sonal Bharwani

61
11

How to prevent android app to decode?

3 Answers3