Android Question hide package name for security

[Masoud44]

Hi everyone
Is it possible to hide my package name (in Project Package->Build Configuration: ....) so that if someone decompiles the Apk, they won't find my package name? For example, at runtime or in some other way
This is very important because if someone uses the same name that I used, so when the user installs this new app, even if the apk name is something else, it will be overwritten on my app.

 

[Erel]

No.
All the information in the manifest file, including the package, cannot be hidden.

 

[AnandGupta]

if someone uses the same name that I used,

Not possible by another GPlay enrolled user.
Only someone who directly send apk files via social media. You can not do anything here.

 

[JohnC]

FYI - If a user tries to install a "clone" of your app on top of your app, the user should get an error because the signing key of the clone app won't match your apps signing key - and Android will refuse to install the clone app on top of your app.

The only way the user can install the clone app is to first uninstall your app.

 

[Masoud44]

The only way the user can install the clone app is to first uninstall your app.

I am tested it and it was overwritten.
I wrote a program called MyApp and put the package name to img.app in configurations and after build "Myapp.apk" with release (obfuscated) send to phone and installed it.
Then I wrote a program called Hacker and put the package name to img.app in configurations and after build "Hacker.apk" with release (obfuscated) send to phone and installed it.
and I saw that the hacker program replaced my program without any warning from Android.

 

[JohnC]

The hacker version you created is overwriting your real app because you compiled the hacker version with the same copy of B4A which used the same Private Signing Key as your real version. So, because the signing keys are the same between the two APK's, Android allowed the hacker app to overwrite the real version. However, this wont happen in real life with an APK created by a hacker because a hacker will NOT have a copy of your private signing key, so they won't be able to create an APK that will be able to overwrite your app because android won't allow it because the signing keys won't match.

You can access your private signing key from the B4A IDE "Tools" menu.... "Private Sign Key". WARNING: Do NOT try to change the private signing key in B4A to simulate creating a hacker version of your app because if you don't know what you are doing and don't save your existing/original private key that you have been using all this time, then you will loose your original private key and this can cause you a bunch of problems with releasing new versions of ALL your apps because you will no longer be able to compile APKs that use the original private key because you lost/changed it, so any updates of your apps won't be able to overwrite any existing versions.

 

[AnandGupta]

the user should get an error because the signing key of the clone app won't match your apps signing key - and Android will

You missed this.
Sign different and check.

 

[Masoud44]

B4A IDE "Tools" menu.... "Private Sign Key"

Thank you JohnC for your complete explanation, I really did not know this, I am relieved

 

[Masoud44]

You missed this.

thank you anand you are right, i missed it