Android Question protect the APK as good as possible

marcel · Feb 12, 2016

Hi,

My customer want's me to protect the APK as good as possible. Currently I use the release (obfuscated) to protect it. But I found also a tool "DexProtector" which do similar things. But this cost a awful lot of money. Do you really think this is much better?

Are there any other alternatives that you know of?

Best Regards,

Marcel

lemonisdead · Feb 12, 2016

Hello Marcel,
@Informatix sells a sheet describing in details how to really understand how to and to protect an app. It would be cheaper

imbault · Feb 12, 2016

lemonisdead said:
Hello Marcel,
@Informatix sells a sheet describing in details how to really understand how to and to protect an app. It would be cheaper

Do you have a link about that?

Thx

lemonisdead · Feb 12, 2016

Hello,
It is a part of his Pro Bundle https://www.b4x.com/android/forum/threads/probundle-chargeable.58754/

imbault · Feb 12, 2016

Thanks

marcel · Feb 13, 2016

This is probably very technical? Is there no easy tool that does this for you?

imbault · Feb 13, 2016

Hi Marcel, I don't really know, since APK is a ZIP container for many files including the java compiled dex file.
Obfuscation is a minimum. after you have to use a Decompiler and what you get is not very very readable.

Anyway, retro engineering has always existed

Erel · Feb 14, 2016

It will not be simple to use an external obfuscator as you will need to add exclusions for all the events subs.

Make sure to put all the sensitive strings in process_globals.

marcel · Feb 14, 2016

Ok, Thank you. Maybe something for a next release to improve the protection.

wonder · Feb 14, 2016

You could also save your strings on a native (.so) library.

Erel · Feb 14, 2016

marcel said:
Ok, Thank you. Maybe something for a next release to improve the protection.

You didn't explain what makes the external obfuscator better than the internal one?

lemonisdead · Feb 14, 2016

wonder said:
You could also save your strings on a native (.so) library.

(Interested to know how to do that)

DonManfred · Feb 14, 2016

lemonisdead said:
Interested to know how to do that

+1

imbault · Feb 14, 2016

wonder said:
You could also save your strings on a native (.so) library.

How you do that?

fredo · Feb 14, 2016

lemonisdead said:
Interested to know how to do that

+1

marcel · Feb 14, 2016

marcel · Feb 14, 2016

Erel said:
You didn't explain what makes the external obfuscator better than the internal one?

I just mean in general. For example encryption of strings..

wonder · Feb 14, 2016

lemonisdead said:
(Interested to know how to do that)

imbault said:
How you do that?

DonManfred said:
+1

fredo said:
+1

marcel said:
+1

Woww!!! Glad I caught you attention!!

Simple! Once you have Android NDK on your computer, just compile the following code with my Native Library Generator:

B4X:

char* myString1()
{
    return "I am obfuscated.";
}

char* myString2()
{
    return "I am obfuscated too!";
}

... you catch my drift!

Despite not being 100% hacker proof (nothing is!), it's a lot harder to disassemble an .so library than a regular Java one.
If you're really interested in protecting your apk, by all means, get the ProBundle and read Fred's tutorial.

Erel · Feb 15, 2016

Are you sure that the strings are not easily readable?

My guess is that it will be more difficult to read the strings if they are declared in Process_Globals (and obfuscated).

wonder · Feb 15, 2016

You're right, Erel. The strings are still exposed in .so file.

Android Question protect the APK as good as possible

Active Member

Well-Known Member

Well-Known Member

Well-Known Member

Well-Known Member

Active Member

Well-Known Member

B4X founder

Active Member

Expert

B4X founder

Well-Known Member

Expert

Well-Known Member

Well-Known Member

Active Member

Active Member

Expert

B4X founder

Expert

Similar Threads

Privacy & Transparency

Privacy & Transparency