7

I have built a flutter apk in release mode and I would like to test if my app is really obfuscated and my code cannot be read. So I tried to decompile the apk using the APK Decompiler.

I had many files after decompiling. The question now is: What is the file that contains the source code and how do I know if it can be read or not?

I have some doubt on libapp.so, is it?

Xpleria
  • 5,472
  • 5
  • 52
  • 66
Sameh Khemira
  • 1,043
  • 1
  • 12
  • 20
  • I've never tried that by myself but getting info from this SO response (https://stackoverflow.com/a/56346914/6518928) if the APK has been generated using release mode then it could be only deserialized using the Flutter engine in run-time. – Jaime S Jan 07 '20 at 16:51
  • thank you so much for the answer, I have found more details on this [link] (https://github.com/flutter/flutter/wiki/Flutter-engine-operation-in-AOT-Mode) – Sameh Khemira Jan 08 '20 at 13:39
  • You are welcome @Sameh-Khemira; Do not hesitate to publish an answer for your own question if after your research you find a solution for your question; I think that It would be very useful for the community. – Jaime S Jan 09 '20 at 12:24

1 Answers1

5

I confirmed my doubt when I was to able to open the libapp.so (shared object) file using Ghex and I have found some words of my code (like text and some style proprieties) but the source code is really obfuscated and it cannot be simply read.

Sameh Khemira
  • 1,043
  • 1
  • 12
  • 20
  • what about strings? Can anyone decompile my app and access its data like strings andfirebase config file? – Robert Williams Feb 25 '20 at 17:11
  • 2
    Sorry for the late answer, well what i found when exploring the libapp.so is some text of the app like titles and some style properties. The assets were also visible, but nothing from the data was visible and even the variables names were obfuscated. – Sameh Khemira Jun 19 '20 at 08:37