I have an Android application on the Play Store and built the backend using Ruby on Rails, but some people are making an exact copy of my application using reverse engineering and they are using my APIs. How can I add authentication to my API so that I can prevent access by those applications which are copied from my application? I have implemented basic token authentication in which I am sending a token to my APIs from the Android app.
Check out this link https://stackoverflow.com/questions/4336637/is-it-really-impossible-to-protect-android-apps-from-reverse-engineering – Sanket Shah Aug 18 '18 at 08:48
2 Answers
You have to know that Android apps are identified by their digital signature and package name; you have to sign your package.
https://developer.android.com/studio/publish/app-signing
Even if you sign your app, decompilation is feasible. You may add an extra level of security, which is provided by obfuscation tools, the best known of which is ProGuard.
It seems you didn't obfuscate your app, which results in code readability after decompilation. The paid solution is using DexGuard, which uses ProGuard with an additional level of encryption. Both are products of Guardsquare.
To get familiar with such tools, refer to the Guardsquare user manual:

I'm not an Android expert, but I am a Rails expert. That said, I don't think Rails API security will help you here. If they decompiled your Android app, they'll just do it again when you release a new version and get whatever authentication scheme you implemented too.
Sorry.
