How to avoid reverse engineering of APK files?

This article was translated from: How to avoid reverse engineering of an APK file?

I am developing a payment processing app for Android, and I want to prevent a hacker from accessing any resources, assets or source code from the APK file.

If someone changes the .apk extension to .zip then they can unzip it and easily access all the app's resources and assets, and using dex2jar and a Java decompiler, they can also access the source code. It's very easy to reverse engineer an Android APK file - for more details see the Stack Overflow question Reverse engineering from an APK file to a project.

I have used the Proguard tool provided with the Android SDK. When I reverse engineer an APK file generated using a signed keystore and Proguard, I get obfuscated code.

However, the names of Android components remain unchanged and some code, like key-values used in the app, remains unchanged. As per Proguard documentation the tool can't obfuscate components mentioned in the Manifest file.

Now my questions are:

  1. How can I completely prevent reverse engineering of an Android APK? Is this possible?
  2. How can I protect all the app's resources, assets and source code so that hackers can't hack the APK file in any way?
  3. Is there a way to make hacking more tough or even impossible? What more can I do to protect the source code in my APK file?

#1st Floor

Reference: https://stackoom.com/question/w8AT/ How to avoid reverse engineering of APK files


#2nd Floor

Developers can take the following steps to prevent an APK from theft somehow:

  • The most basic way is to use tools like ProGuard to obfuscate their code, but up until now, it has been quite difficult to completely prevent someone from decompiling an app.

  • Also I have heard about a tool HoseDex2Jar. It stops Dex2Jar by inserting harmless code in an Android APK that confuses and disables Dex2Jar and protects the code from decompilation. It could somehow prevent hackers from decompiling an APK into readable java code.

  • Use some server side application to communicate with the application only when it is needed. It could help prevent the important data.

At all, you can not completely protect your code from the potential hackers. Somehow, you could make it a difficult and a bit frustrating task for them to decompile your code. One of the most efficient ways is to write in native code (C/C++) and store it as compiled libraries.


#3rd floor

1. How can I completely avoid reverse engineering of an Android APK? Is this possible?

AFAIK, there is not any trick for complete avoidance of reverse engineering.

And also very well said by @inazaruk: Whatever you do to your code, a potential attacker is able to change it in any way she or he finds it feasible. You basically can't protect your application from being modified. And any protection you put in there can be disabled/removed.

2. How can I protect all the app's resources, assets and source code so that hackers can't hack the APK file in any way?

You can do different tricks to make hacking harder though. For example, use obfuscation (if it's Java code). This usually slows down reverse engineering significantly.

3. Is there a way to make hacking more tough or even impossible? What more can I do to protect the source code in my APK file?

As everyone says, and as you probably know, there's no 100% security. But the place to start for Android, that Google has built in, is ProGuard. If you have the option of including shared libraries, you can include the needed code in C++ to verify file sizes, integration, etc. If you need to add an external native library to your APK's library folder on every build, then you can use it by the below suggestion.

Put the library in the native library path which defaults to "libs" in your project folder. If you built the native code for the 'armeabi' target then put it under libs/armeabi. If it was built with armeabi-v7a then put it under libs/armeabi-v7a.

<project>/libs/armeabi/libstuff.so

#4th floor

1. How can I completely avoid reverse engineering of an Android APK? Is this possible?

Impossible

2. How can I protect all the app's resources, assets and source code so that hackers can't hack the APK file in any way?

Impossible

3. Is there a way to make hacking more tough or even impossible? What more can I do to protect the source code in my APK file?

More tough - possible, but in fact it will be more tough mostly for the average user, who is just googling for hacking guides. If somebody really wants to hack your app - it will be hacked, sooner or later.


#5th Floor

100% avoidance of reverse engineering of the Android APK is not possible, but you can use these ways to avoid extracting more data, like source code, assets from your APK, and resources:

  1. Use ProGuard to obfuscate application code

  2. Use NDK using C and C++ to put your application core and secure part of code in .so files

  3. To secure resources, don't include all important resources in the assets folder with APK. Download these resources at the time of application first start up.
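
A pre-release check for point 3 above, as an added example that is not part of the original answer: it opens the APK the way anyone can (as a ZIP archive) and flags entries under assets/ and res/raw/ that look like keys or credentials. The patterns, the function names and the sample archive are constructed assumptions.

```python
import io
import re
import zipfile

# Patterns are illustrative assumptions; tune them to your own key formats.
SECRET_PATTERNS = {
    "private key": re.compile(rb"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----"),
    "hard-coded credential": re.compile(
        rb"(?i)(?:api[_-]?key|secret|password)\s*[=:]\s*[\"']?[\w\-/+]{12,}"),
}
# Directories whose files ship verbatim and are readable after a plain unzip.
READABLE_PREFIXES = ("assets/", "res/raw/")


def audit_apk(apk_bytes):
    """Return sorted (entry, finding) pairs for files anyone can unzip and read."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            if info.is_dir() or not info.filename.startswith(READABLE_PREFIXES):
                continue
            data = apk.read(info)
            for label, pattern in SECRET_PATTERNS.items():
                if pattern.search(data):
                    findings.append((info.filename, label))
    return sorted(findings)


def build_sample_apk():
    """Constructed stand-in for a release APK; every value here is made up."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", b"<manifest/>")
        z.writestr("classes.dex", b"dex\n035\x00")
        z.writestr("assets/config.properties", b"api_key=CONSTRUCTED0123456789\n")
        z.writestr("assets/logo.png", b"\x89PNG constructed")
        z.writestr("res/raw/signing.pem", b"-----BEGIN PRIVATE KEY-----\nconstructed\n")
    return buf.getvalue()


if __name__ == "__main__":
    for entry, finding in audit_apk(build_sample_apk()):
        print(f"{entry}: {finding}")
```

Anything this reports is a candidate for the server side or for download after authentication rather than for the APK.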


#6th floor

AFAIK, you cannot protect the files in the /res directory any more than they are protected right now.

However, there are steps you can take to protect your source code, or at least what it does if not everything.

  1. Use tools like ProGuard. These will obfuscate your code, and make it harder to read when decompiled, if not impossible.
  2. Move the most critical parts of the service out of the app, and into a webservice, hidden behind a server side language like PHP. For example, if you have an algorithm that's taken you a million dollars to write. You obviously don't want people stealing it out of your app. Move the algorithm and have it process the data on a remote server, and use the app to simply provide it with the data. Or use the NDK to write them natively into .so files, which are much less likely to be decompiled than apks. I don't think a decompiler for .so files even exists as of now (and even if it did, it wouldn't be as good as the Java decompilers). Additionally, as @nikolay mentioned in the comments, you should use SSL when interacting between the server and device.
  3. When storing values on the device, don't store them in a raw format. For example, if you have a game, and you're storing the amount of in game currency the user has in SharedPreferences. Let's assume it's 10000 coins. Instead of saving 10000 directly, save it using an algorithm like ((currency*2)+1)/13. So instead of 10000, you save 1538.53846154 into the SharedPreferences. However, the above example isn't perfect, and you'll have to work to come up with an equation that won't lose currency to rounding errors etc.
  4. You can do a similar thing for server side tasks. Now for an example, let's actually take your payment processing app. Let's say the user has to make a payment of $200. Instead of sending a raw $200 value to the server, send a series of smaller, predefined, values that add up to $200. For example, have a file or table on your server that equates words with values. So let's say that Charlie corresponds to $47, and John to $3. So instead of sending $200, you can send Charlie four times and John four times. On the server, interpret what they mean and add it up. This prevents a hacker from sending arbitrary values to your server, as they do not know what word corresponds to what value. As an added measure of security, you could have an equation similar to point 3 for this as well, and change the keywords every n number of days.
  5. Finally, you can insert random useless source code into your app, so that the hacker is looking for a needle in a haystack. Insert random classes containing snippets from the internet, or just functions for calculating random things like the Fibonacci sequence. Make sure these classes compile, but aren't used by the actual functionality of the app. Add enough of these false classes, and the hacker would have a tough time finding your real code.

All in all, there's no way to protect your app 100%. You can make it harder, but not impossible. Your web server could be compromised, the hacker could figure out your keywords by monitoring multiple transaction amounts and the keywords you send for it, the hacker could painstakingly go through the source and figure out which code is a dummy.

You can only fight back, but never win.
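
An added example, not part of the original answer, of point 2 applied to the payment case: the app sends only item identifiers and quantities, and the server authenticates the request, rejects replays and computes the amount from its own price list, so nothing in the APK decides what is charged. The catalogue, session key, nonce handling and function names are constructed assumptions, and the request is assumed to travel over TLS as the answer recommends.

```python
import hashlib
import hmac
from decimal import Decimal

# Constructed sample data: the price list exists only on the server.
CATALOGUE = {"sku-basic": Decimal("47.00"), "sku-addon": Decimal("3.00")}
# Hypothetical per-session key issued after login; never compiled into the APK.
SESSION_KEYS = {"session-1": b"constructed-demo-key"}
MAX_QTY = 100


def canonical(session_id, nonce, items):
    """Serialise the order deterministically so both sides MAC the same bytes."""
    body = ",".join(f"{sku}:{qty}" for sku, qty in sorted(items.items()))
    return f"{session_id}|{nonce}|{body}".encode()


def sign_order(key, session_id, nonce, items):
    """What the app does: authenticate the request; it never sends an amount."""
    return hmac.new(key, canonical(session_id, nonce, items), hashlib.sha256).hexdigest()


def price_order(session_id, nonce, items, tag, seen_nonces):
    """Server side: verify the request, then compute the amount from the catalogue."""
    key = SESSION_KEYS.get(session_id)
    if key is None:
        raise PermissionError("unknown session")
    expected = sign_order(key, session_id, nonce, items)
    if not hmac.compare_digest(expected, tag):
        raise PermissionError("bad request tag")
    if nonce in seen_nonces:
        raise PermissionError("replayed request")
    total = Decimal("0")
    for sku, qty in items.items():
        # Unknown items and out-of-range quantities are refused, not priced.
        if sku not in CATALOGUE or not isinstance(qty, int) or not 1 <= qty <= MAX_QTY:
            raise ValueError(f"rejected line item {sku!r}")
        total += CATALOGUE[sku] * qty
    seen_nonces.add(nonce)
    return total
```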

Origin blog.csdn.net/asdfgh0077/article/details/105452986