I know there's decompilers but decompilers doesnt work perfectly there will mostly some errors etc.
So like Whatsapp Plus, youtube vanced etc. How people modify apps? do they use decompiler,fix errors and then edit apps source code or do they use something else?
Some apps may have their source code available on GitHub, in which case you can fork the repository and apply your edits. Needless to say, you should always respect the license.
You can also submit bug reports to the maintainer, which would also be considered "good form".
If what you are truly trying to do is reverse engineer the app, you may find more info on hacker boards. I don't know many software developers who take kindly to having their hard work stolen.
Note that if you consider yourself capable of "fixing bugs" in apps that you haven't developed yourself, perhaps you would consider developing your own app.
In order for an app to be legally modified by a third party, the app must be open source (have the source code available to anyone), ex. Linux. However, the front-end source code of web apps, like youtube, can be viewed by anyone through browser developer tools. A decompiler can, sometimes, produce source code that produces the same result as the original, but is, most of the time, obscurified.
Related
I am trying to understand at a little bit lower level how Android Instant Applications work, as well as analyse a bit the security aspect. I know you create an app, it has its modules and activities, and you need to specify an URL entry-point for each feature module. Now, I have my application, I have my link, I browse to it. Two questions here:
1) How does Android, my browser, DNS, whatever parses that link, know that it's not a normally browsable internet link, but that it's actually an instant app and and should open it like an instant app using the android framework, download base and feature modules, isntant-compilation, etc. ?
2) What does it actually do after it understands it's an instant app? What calls are made? WHERE exactly is the application contained? We start from the browser we use to search and find that link, after that? Is it contained in that browser's sandbox? Does it create a new container for that app? From a security perspective, this information would be quite important and interesting.
How can I gather more info about all this? Are there any tools that allow me to see into these load procedures? Any link to some extra documentation or knowledge of how this particular aspect of android works?
I suspect there won't be much public info because even though they were introduced in the end of 2016, Instant Apps is still a very new and explored feature, but that's exactly what I'm working on. If there is anything that can allow me to see what's going on, tools, debuggers, stuff I don't even know it exists, please let me know.
Is it possible to download my apps code from my IPhone 5s and Android. My developer in India disappeared and I am trying desperately to get a hold of her. I dont know if there is a holiday over there or if she is sick.
Anyhow my app is finished on both platforms and all that needs to be done is transfer the database to Amazon and the respective stores.
Is there any way to rescue this code on my phones?
If I understand your issue correctly, you want to reverse engineer or extract the code from a copy of the app installed on your phone.
It's called App Decompiling and while in theory, it's possible to do it, it won't "just work" as easy as copy & paste. Especially taken you've got 2 different platforms to decompile from.
On iOS, for example, the apps are protected by its DRM https://en.wikipedia.org/wiki/FairPlay technology which splits the app into segments and encrypts each of them with a separate key. To attempt to decompile the app, you'll need to jailbreak https://en.wikipedia.org/wiki/IOS_jailbreaking your device, which immediately voids all of its warranties. Even then, it's not certain you'll be able to extract enough of the code to rebuild the app.
On Android, it's slightly easier, but would still not exactly grant you the Java source code.
Bottom line, it's extremely difficult, unreliable, quite expensive (if not performed by yourself) and probably not worth it in your case.
I have my native android app in play store, in recent days my app gets multiple request frequently from a particular user, for time being in have blocked that particular device id, i fear would be there any chance to crawl my app?
Is there any way of crawling android app content?
Of course there is! You can open your APK like any zip archive and open whatever you want. You can use aapt tool from Android SDK to replace some parts. And you can decompile your code using undex tools. It will not be exactly what you used, but they will be able to modify your application.
You can do it harder for them, if you use some obfuscation tools like Proguard. You cannot prevent completely revealing your code however. It is much harder to disassemble native code, but still possible. Make sure you do not compile symbols for all functions into release library. See http://www.ibm.com/developerworks/aix/library/au-aix-symbol-visibility/ for examples.
If you have something really valuable, only secure way it to process data on your secured server without giving your code to the user. All code you give on the user's device can be decompiled. It differs only by how hard it is and how much he has to spend to do that.
I may not have understood what you meant by crawl your app though.
I've been checking out the Android Scripting Environment, it looks rather promising. But is it a viable option to make a marketable app in? It seems like the customer would have to download ASE and then run the script from the environment itself.
Given the lack of responses, I'm posting this more as a bump and discussion opener than a complete answer. My take is that SL4A might be good enough for small scripts, but not yet for full blown apps to update to the market. Just browsing the last couple of months of the discussion group page (link here), it seems that the API is still changing quite actively. I'm posting some examples below:
Issue 514 in android-scripting: Enhanced WebView API
New unofficial release
API Updates
Scripts as APKs
API Browser Changes
If you have a great script that you want to quickly port to SL4A, give it a shot. But I would not replace java with SL4A at least until it gets an official release.
A lot of Android apps are open source, but how can we make sure the person who finally uploads to the Google Market does not include some spyware just before uploading?
Background: Mobile apps security seems to be a growing concern, and I would like to reassure the users of my Open Source Android app. Solutions that require to modify the deployment process or application content are acceptable too.
2012 update: This is going in the right direction: http://f-droid.org/ They check the apps and compile them into APKs that they distribute. That being said, I would trust them more
if they were Mozilla or Apache...
Take a look at https://stackoverflow.com/questions/249106/how-can-you-give-users-confidence-that-your-application-has-no-malicious-intent for some related information.
You could of course take the source and build/compile it yourself and compare the resulting binary to the uploaded one, but this somehow defeats the purpose of binary distribution. And it still wouldn't help in cases where the source code does contain malicious code. Or maybe build a safe, i.e. trusted reference binary and then publish the checksum for comparison?
Apart from that, this problem really is not specific to open source software. In the end, it all boils down to trust.