guys.
I want to refuse adb on released Android App, because I want to improved security on my App.
If I can make it, my App will be protected by apk extraction or reverse engineering.
Could you please show me any methods?
Thanks.
First, adb doesn't work on apps. It's an app of its own, and its just a shell that can be connected to from the external PC. So it has nothing to do with your app, the idea of your app "refusing adb" makes no sense because adb doesn't interact with your app at all.
Secondly, even if you could turn off adb- it would give you zero protection. You don't need it for apk extraction. I can think of a dozen other ways to do it off the top of my head, including any backup utility ever written, using an emulator, and just installing it to SD card.
Third- everyone needs to stop worrying about reverse engineering. Nobody cares about your app. It isn't special. You aren't writing algorithms that have never been invented before. There's nothing in your app a moderately talented engineer couldn't replicate without a single line of code just by seeing what your app does. And he'd probably do it quicker than you did, because it's always quicker to copy ideas than to come up with them the first time. Instead, worry about improving your app to continue to make it better for users. Do that, and your users will stick using your software. Waste your time and resources worrying about unimportant long shots and you're giving your competition an opportunity to pass you.
Related
Is it possible to download my apps code from my IPhone 5s and Android. My developer in India disappeared and I am trying desperately to get a hold of her. I dont know if there is a holiday over there or if she is sick.
Anyhow my app is finished on both platforms and all that needs to be done is transfer the database to Amazon and the respective stores.
Is there any way to rescue this code on my phones?
If I understand your issue correctly, you want to reverse engineer or extract the code from a copy of the app installed on your phone.
It's called App Decompiling and while in theory, it's possible to do it, it won't "just work" as easy as copy & paste. Especially taken you've got 2 different platforms to decompile from.
On iOS, for example, the apps are protected by its DRM https://en.wikipedia.org/wiki/FairPlay technology which splits the app into segments and encrypts each of them with a separate key. To attempt to decompile the app, you'll need to jailbreak https://en.wikipedia.org/wiki/IOS_jailbreaking your device, which immediately voids all of its warranties. Even then, it's not certain you'll be able to extract enough of the code to rebuild the app.
On Android, it's slightly easier, but would still not exactly grant you the Java source code.
Bottom line, it's extremely difficult, unreliable, quite expensive (if not performed by yourself) and probably not worth it in your case.
This is my first question on Stack Overflow, so sorry in advance if I asked the question in the wrong place or messed up.
I have this project where I am repurposing an old android tablet for the project. I need to make an app which will always be open on the tablet. The problem is, I am not proficient in making apps for Android. So, I thought let me run an iOS emulator (like iemu or Cider APK). Then, I realized I don't know how to put my app on the emulator.
I was thinking of ad hoc, but I am not sure if it will work. Then I though about stuff like Snapchat ++ or Instagram ++. How do they distribute it? For those who are unfamiliar with it watch this video starting at 1:55.
So in short, can I put my iOS app on the emulator or is it just better to get better at making android apps?
Thanks in advance
Based on my quick research I checked just briefly bunch of articles about Cider APK or iEMU APK and also comments and I downloaded one app but didn't run it because its basically distributed from some google drive account and looks quite dangerous to run on my phone.
But based on my understanding how this is actually doable https://appetize.io looks like only way, as this is merely some remote virtualization solution and they have business model instead of ad scam business model as those others. appetize.io runs in browser and has a free plan with limitations but usable , also they allow to upload your apk to their server to run it on their iOS devices that is basically visible in web browser, while quite slow but working and its real thing and useful.
I am guessing you would get Cider APK or iEMU APK.
I have never done it myself but I know it's doable. Read their documentation.
Install the emulator in your IDE and run by choosing the desired destination.
Hope this helps.
http://www.androidcrush.com/run-ios-apps-on-android/
I'm creating an mobile app with mainly Html5 and got curious about the possibility for people to view the code behind their mobile app? is it possible? in that case, is it easy done? Thanks!
What you're talking about is decompiling. For Android, at least, it isn't necessarily difficult under the right circumstances, but if the developer is at all concerned about security they've hopefully obfuscated their code to make the process much more difficult if not impossible for the average person. There are plenty of resources online with instructions on how this can be done but it is often a pretty sketchy thing to do. If the process is interesting that's one thing, but don't jack other people's code. The process is much more complicated for iOS since Apple tries to lock our code down with DRM. It is, however, still technically possible – typically with a 3rd party app to crack it and a jailbroken iOS device.
I have my native android app in play store, in recent days my app gets multiple request frequently from a particular user, for time being in have blocked that particular device id, i fear would be there any chance to crawl my app?
Is there any way of crawling android app content?
Of course there is! You can open your APK like any zip archive and open whatever you want. You can use aapt tool from Android SDK to replace some parts. And you can decompile your code using undex tools. It will not be exactly what you used, but they will be able to modify your application.
You can do it harder for them, if you use some obfuscation tools like Proguard. You cannot prevent completely revealing your code however. It is much harder to disassemble native code, but still possible. Make sure you do not compile symbols for all functions into release library. See http://www.ibm.com/developerworks/aix/library/au-aix-symbol-visibility/ for examples.
If you have something really valuable, only secure way it to process data on your secured server without giving your code to the user. All code you give on the user's device can be decompiled. It differs only by how hard it is and how much he has to spend to do that.
I may not have understood what you meant by crawl your app though.
I'm working on my first Android app, and am almost to the point where I can start thinking about putting it up on the market as a paid app.
In the process of researching this step, I found out that it's basically trivial to break Google's copy protection scheme. I don't know how big of a problem this really is, or if we need to look into some other form of protection.
Obviously an obfuscater like ProGuard is a good first step, but how would you go about protecting your application from being released into the wild?
Second, other than encrypting contents (which is difficult because the decryption key has to be stored in the program too) how would you prevent someone from just dumping the contents of a sqlite3 database?
Just today Google released details of the new licensing service which is intended to replace copy protection. See here for details: http://developer.android.com/guide/publishing/licensing.html
It sounds like you have two security concerns:
Users copying and distributing your application without paying
Developers decompiling your source code and stealing it for their own applications
Concern #1: Its definitely possible for users to do this. One solution would be to give the app away for free, but disable it until they register on an independent website (where they pay). However, this kind of defeats the purpose of using the market as a convenient way to distribute your app.
Concern #2: This is a problem developing Java applications in general and isn't really specific to Android. As you stated, using an obfuscater is a good start. However, you are always going to be able to decompile Java code, and there really isn't any easy way around this that I know of.
My opinion is that piracy is very difficult to stop if the culprit has enough motivation. However, in general I don't think its a huge concern for Android developers. I know lots of people who wouldn't blink about downloading pirated movies or video games, but pay for all of their mobile applications.
Everything is about to change:
http://www.itproportal.com/portal/news/article/2010/7/28/google-add-licensing-service-android-apps/
Don't use sqlite. Use your own custom format. That's not unbreakable, but will definitely make it harder to extract data
Just don't keep your sensitive data at customer device. Keep it in Internet on your own server. And make your app just as a "thin" client to your server-side data/app.
For now 90% of devices have Internet connectivity for 90% of their running time. You should consider the importance of your data and either choose to keep it always server-side, requiring Internet connection, or keep it at client-side, making it vulnerable.