2

Is there a way to protect an Android APK file so that the source code cannot be regenerated? Also, there are a number of network sniffers that allow HTTP monitoring; is there a way to bypass these such that the incoming/outgoing network traffic cannot be monitored?

I have read that code obfuscation, to some extent, is possible using SourceForge's ProGuard (Reference).

What are other alternatives that I can look into?

Please advise.

Thanks.

Samuh

1 Answer

8
  1. You can use an obfuscator to obfuscate the object code, which makes it harder to decompile (at least with an automatic decompiler). No amount of obfuscation can totally prevent manual decompilation.
  2. Use HTTPS to prevent sniffing. Simple!
C. K. Young
  • What if HTTPS is not always possible (for performance reasons - streaming live content, say)? – Samuh Dec 31 '10 at 09:58
  • 4
    @Samuh Then you'd have to ask yourself if what you're doing should be done on a mobile device; if something needs to be that secure (as you're implying) then why are you opening it up to the public via the web and mobile devices? – Alex Dec 31 '10 at 10:02
  • Apart from obfuscation, the following post suggests that sensitive code could be implemented in native code, and then we can ensure that the native code is called ONLY by our app by matching the digital signatures. http://digital-identity.dk/2010/12/protecting-ip-in-android-applications/ – Samuh Dec 31 '10 at 10:41
  • @Samuh: It raises the bar a little, but in the end, a skilled reverse engineer can still get at your program. Just keep that in mind. – C. K. Young Dec 31 '10 at 11:17
  • Similar discussion: http://groups.google.com/group/android-developers/browse_thread/thread/aae0f9818219e088 – Samuh Dec 31 '10 at 11:37
  • @CJY: Agreed. Thanks for your time and reply. Wishing you a very happy new year! :) – Samuh Dec 31 '10 at 11:38