Android Question How to hide IP address from my apk?

incendio

Well-Known Member
Licensed User
Longtime User
Hi guys,

I tried virustotal.com to scan my apk. This apk is a jRDC application.

After the scan result finished, under Behaviour Tab, on section IP Traffic, there are a list of IP addresses that my apk used.

These IP's addresses was not encryped. Is there a way to hide/encrypt these IP's addresses?
 
Sort by date Sort by votes

JohnC

Expert
Licensed User
Longtime User
If the scanner detected the IP addresses as plain text in your apk, then you should be able to use simple text encryption to convert the plain text IP addresses into encrypted characters instead of numeric IP strings.

But, if the scanner got those IP addresses by actually monitoring the live connections your app made to somewhere on the internet, then there is nothing you can do about that.
 
Upvote 0

incendio

Well-Known Member
Licensed User
Longtime User
Thanks for your reply, will try to encrypt the ip in my app and try to submit it again to virustotal.
 
Upvote 0

JohnC

Expert
Licensed User
Longtime User
You may also need to protect those endpoints with a password or API key and then make a connection to them using something like SSL to prevent man-in-the-middle snooping of the password or API key.
 
Upvote 0

incendio

Well-Known Member
Licensed User
Longtime User
JohnC said:
You may also need to protect those endpoints with a password or API key and then make a connection to them using something like SSL to prevent man-in-the-middle snooping of the password or API key.
Click to expand...
Care to tell me how to protect the end point with password?
 
Upvote 0

JohnC

Expert
Licensed User
Longtime User
If one of the endpoints are a web service, you can add a password parameter to it.

But if the endpoint is only the jRDC, then this thread might help:

jRDC2 is it safe?

sorry for my ignorance but i hear a lot of people saying using PHP is not safe to connect to a MySQL DB. and i hear a lot erel saying the best solution is to use jRDC2. so i tried and watched the whole tutorial of him here i must say that i was surprised that everything worked. so i managed to...
www.b4x.com
 
Upvote 0

Erel

B4X founder
Staff member
Licensed User
Longtime User
incendio said:
These IP's addresses was not encryped. Is there a way to hide/encrypt these IP's addresses?
Click to expand...
Yes*

* - obfuscated

Code Obfuscation

This tutorial is relevant for B4A and B4J. During compilation B4A generates Java code which is then compiled with the Java compiler and converted to Dalvik (Android byte code format). There are tools that allow decompilation of Dalvik byte code into Java code. The purpose of obfuscation is to...
www.b4x.com
 
Upvote 0

incendio

Well-Known Member
Licensed User
Longtime User
I have already done that, this is the code on Main Activity
B4X: 
Sub Process_Globals
    Public ConnSvr as String = "http:xxx.xxx.xxx.xxx:1000/rdc"
End Sub

But the IP address still visible.
Am I doing wrong here?

I am only submitted (online) my apk to virustotal.com, not run the app and let them scan it while the apk runs.
 
Upvote 0

incendio

Well-Known Member
Licensed User
Longtime User
Erel said:
Have you compiled in obfuscated mode? The ip address will not appear as a string. You can see it in the generated java code.
Click to expand...
Yes it is in obfuscated mode.

Here is the screen shot result after the scan
 

Attachments

  • ss.png
    64.2 KB · Views: 391
Upvote 0

incendio

Well-Known Member
Licensed User
Longtime User
I use search function in B4A, that link was not found elsewhere, it was only in the Process Global Sub.
 
Upvote 0

incendio

Well-Known Member
Licensed User
Longtime User
Erel said:
<project folder>\Objects\src
Click to expand...
Not found.

I deleted all comments that containts IP address, compiled again and submitted again to virustotal.com and it worked. No IP visible after the scan.

Made some changes, compiled and submitted again, after the scan, IP detected again.
Realy confused.
 
Upvote 0
You must log in or register to reply here.

Similar Threads

  • Question
Android Question B4A Bridge Connecting to an IP address
Replies
8
Views
2K
Colin Evans
  • Article
Android Code Snippet [B4X] Find all reachable ips in the local network
Replies
10
Views
4K
LucaMs
H
  • Question
Android Question Change IP Address (Mobile)
Replies
1
Views
4K
John Naylor
J
  • Article
Android Code Snippet Check if an IP Address is Private or Public
Replies
0
Views
3K
max123
S
  • Question
Android Question IP address confusing when upload file with FTP
2
Replies
26
Views
14K
OliverA
Menu
Log in
Register
Cookies are required to use this site. You must accept them to continue using the site. Learn more…