I have learned from this post Reverse engineering from an APK file to a project that it is possible to get the java files from an apk. Does this mean a hacker can see my code?
Asked
Active
Viewed 4,057 times
1
-
3Even a non-hacker can. – shmosel Sep 07 '18 at 21:57
-
2Have you never heard of decompilers before that article? For almost as long as there has been software, there have been tools to debug and decompile that software. By definition, you want the machine to perform specific operations on the basis of the instructions in your software. If the machine can determine what those operations are by reading them, then a human can too. – Elliott Frisch Sep 07 '18 at 22:00
1 Answers
8
Yes, but if seeing your code makes your app less secure, then your app's security model was flawed from the beginning. Any code or data that users shouldn't have access to should be run or stored only on your server, not on the users' devices.
Also, beware of snake oil obfuscators that claim to make it impossible to reverse-engineer your code. None of these work; anything your device can execute can be reverse-engineered with enough effort (except maybe SGX, but that doesn't exist on phones).
Joseph Sible-Reinstate Monica
- 45,431
- 5
- 48
- 98
-
-
Any code that users shouldn't have access to should be run on your server, not on the users' devices. – Joseph Sible-Reinstate Monica Sep 07 '18 at 22:14
-
2@TristenEdwin *How am I to protect my intellectual property then?* Bill Gates' [Open Letter to Hobbyists (February 1976)](https://en.wikipedia.org/wiki/Open_Letter_to_Hobbyists#/media/File:Bill_Gates_Letter_to_Hobbyists.jpg) – Elliott Frisch Sep 07 '18 at 22:23
-
6@TristenEdwin Two things. First, laws protect your intellectual property, not making reverse engineering difficult. Secondly: it really isn't that valuable. Unless you're doing top tier research, anyone can make a clone of your app. What's valuable is the business you've built around it, and your knowledge/ability to move the app forward. – Gabe Sechan Sep 07 '18 at 22:59