Android Question secure my app variables after decompile

[Addo]

after decompile of my app i can see my variables values as a plain text which is very dangerous if this values hold some sensitive data

i can also see the passed sub parameters values which is very dangerous if its hold some sensitive data as well

how to secure this kind of breach ?

if i encrypt this value the decryption key can be grabbed easy from the java source as well what can i do ?

 

[Erel]

Code Obfuscation

 

[Addo]

i am doing this already release with obfuscation even though after decompile here

http://www.javadecompilers.com/apk

i can see every thing

 

[Addo]

this is a test apk with obfuscation i can see every thing after decompiling

 

[Addo]

thats a nightmare

 

[LucaMs]

Sorry, deteled by mistake

 

[Addo]

Not that only if you have subs used it will be revealed as a plaintext

 

[moster67]

Use code obfuscation as suggested by Erel. Make sure to assign the values to your variables in Process_Globals.

Sub Process_Globals
    'These global variables will be declared once when the application starts.
    'These variables can be accessed from all modules.
    Dim iamatext As String = "catch me"

End Sub

Sub Globals
    'These global variables will be redeclared each time the activity is created.
    'These variables can only be accessed from this module.
   
End Sub

Sub Activity_Create(FirstTime As Boolean)
    'Do not forget to load the layout file created with the visual designer. For example:
    'Activity.LoadLayout("Layout1")
   
    Log(iamatext)

End Sub

I compiled above code and used the decompiler you mentioned and I was unable to see the value of "iamtext" i.e "catch me" in the code generated.

Anyway, this is not a problem of B4A but with Android (and Java) in general.
If you want alternative solutions, try the ProBundle by @Informatix which is highly recommended.

 

[Addo]

@moster67 oh thats saved the day is subs also can be obfuscated like this ?

 

[Erel]

oh thats saved the day

Why aren't you reading the tutorial?
It is clearly explained there.

It also explains which subs and variables will be obfuscated.