How to obfuscate a pre-built apk? [closed] - android

Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 3 years ago.
Improve this question
I'm a blogger and I've been publishing third party android apps and games on my website since a couple of years ago. There are some exclusive apps which I need to put some toast messages in them. I'm novice at this but my question is about something different. I just want to obfuscate a prebuilt APK app or just a particular string in the activity. There are so many articles or tutorial videos in the web in which people trying to teach this method by ProGuard in Android Studio. But I couldn't even find a single tutorial which explains How to add a prebuilt APK (NOT A NEW PROJECT) in Android Studio and obfuscate it. I tried to profile/debug an APK with Android Studio but I can not find the gradle.build to set the minifyEnable to true. I know this might be so stupid to ask, but can anyone help me with this? I just need to obfuscate a string (mostly my toast messages) or the whole classes of a Pre-built APK. Is there an easier way to do this or I have to do it by Android Studio? I would really appreciate if someone tell me how to do it in the easiest way possible. And do not consider me as a programmer or developer.

If you have an unobfuscated .apk file in a folder and want to obfuscate that, then you're out of luck.
Obfuscation works on a much lower level, and is done while the .apk file is being built from the source code.
And Proguard will not do anything at all to obfuscate your strings. Even if the .apk was obfuscated using Proguard, all strings and resources would still be in the .apk file and could easily be read by anyone with a bit of technical know-how.
Proguard obfuscates the code itself, not the resources (resources would be strings, numbers, images, etc)
There are some other methods of obfuscation (DexGuard and Arxan for examples), but those are much much harder to use, even for an experienced developer.
And you mention you want to add a toast message into a prebuilt .apk file? That requires extremely (and i do mean extremely) high knowledge of how the .apk is built, to dissamble it and rebuild it.

Related

Tips, tricks, and requirements for editing open source Android apps [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 9 years ago.
Improve this question
I'm getting back into Java programming, and I've decided that giving back by working on open source Android apps is a great way to start. I've been running Cyanogenmod nightlies for about a year now, and would like to start with some of the core apps I work with on a daily basis (Camera, gallery, GitHub, StackExchange, the list goes on)
I can find packages on GitHub easily, and I can bring them into Eclipse (Kepler) but I find myself going down a rabbit hole of endless required packages and such, and never actually getting anything to build!
Is there anywhere I can find documentation on starting to edit these things? Tutorials, tips/tricks, required reading for this sort of thing? Is there a master repo somewhere where I can grab all of the code for Cyanogen (I know, this is probably ridiculous) to make sure I have all the imports?
Is there anywhere I can find documentation on starting the edit these things?
Ask the developers of your project(s) of interest. Usually, if they really want contributions, they will have build instructions. The GitHub app does as part of its project README. The newly-released StackExchange app is not open source.
Is there a master repo somewhere where I can grab all of the code for Cyanogen (I know, this is probably ridiculous) to make sure I have all the imports?
CyanogenMod has a wiki which contains lots of project documentation, including a set of pages for how to build CM and so forth. They even have dedicated build guides for how to build from source for various device models. There is also a page describing their GitHub hosting model.
Please bear in mind that many of the apps that came to CyanogenMod from the Android Open Source Project (AOSP) are not Android SDK apps that you can build with an IDE and the SDK alone. Most have many hooks into the rest of the OS and as such need to be built as part of a larger OS build. As such, this is not what I would recommend somebody "getting back into Java programming" to get involved with as their first order of business. The being said, for further assistance in developing for CyanogenMod, contact their community through their various channels.

Porting a C++ application with Lua scripts to android? [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 9 years ago.
Improve this question
I'm looking into porting an application called ygopro (source code here) to Android. I was just wondering if anybody can help me out by telling me what would be the best way to go about doing this? I would prefer to not spend more than about 60 hours on it and I certainly don't have the time to go through and rebuild everything from scratch. The code is in C++ and there are about 5,500 Lua scripts to do various things. Is there any easy way I can port this?
First, you'll note that the graphics library used by this project is based on has been ported to android.
There are two demos available for that project. Those will show you how to write an android application that uses this library. I suggest you essentially hack your projects source into the framework they provide.
In terms of Lua, again you'll want to use an existing port. Many of the Lua ports are oriented towards allowing access to LUA from Java via JNI, but you just want a Lua shared library out of them to link to from your C++ code. You will probably want something like AndroLua rather than the Android Scripting Environment. Pretty much, add all the folders in it's jni folder to your Android.mk includes, add it as a library, and you'll be good to go.
In terms of actual porting, I'm assuming that the project currently compiles happily under GCC. If that is the case, as you try to build it, it will complain about functions that are platform specific, and you will have to replace these. That should be manageable, if you are slowly adding code to the graphics framework demo as suggested. Beyond that, some libc functions are missing, but generally only rarely used ones.
Hope this helps. It goes without saying that you should complete some Android Native tutorials before starting. This project is more than a weekend.

Which is safer for Algorithm implementation? [closed]

Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 9 years ago.
Improve this question
I've a data processing algorithm which I will apply for one of my Android Application. The Algorithm can be implemented via Java or Native Code C. But which is safer for algorithm implementation Java or C as so far I know Android Dex file can be reversed engineered. Is it also applicable for C?
Code safety is maximum when you do it in C(native) than java.
"so far I know Android Dex file can be reversed engineered. Is it also
applicable for C?"
Doing it in JAVA
By making your code-pakages to library you can make your java codes safe. Even if its reverse engineerd or your apk is breaked your code will not be visible, It will be like encrypted format. Change you algorithm package to library and add to the project assets folder and buildpath.
Doing it in C
And if you are doing it in C its sure that one who breaks your apk cant see your C code. Sometime it will be visible but it will not be in readble format. If you are implementing it via C, it will make the process more faster than in java and also you will be allocated more memory to do the process. Heap memory will not be a limitation for you code. The only thing is, Because of using JNI chances of getting errors are more and it will be difficult to trackdown the errors in runtime.
NOTE :Since hacking can be done in many ways.. I cant give any compleate assurance..But in most of the ways this is the thing ..Making your algorithm packages to library and adding it to project with buildpath or doing it in native, you can make your code safe to maximum extend..
If you want your algorithm to be perfectly safe, keep it in your head.
If you want your algorithm to be relatively safe, keep it on your server.
Any code can be reverse-engineered. People have been reverse-engineering compiled C code for decades. Bytecodes for interpreters, like Java and Dalvik, tend to be easier to reverse-engineer, bringing it within the skill set of more people. However, that tends to be of greater concern where what's being protected is software licensing. If you are worried about "a data processing algorithm" outside of licensing, your average script kiddie isn't going to care about it, and a competitor who really wants to know what that algorithm is can figure it out if they have access to the code, whether you wrote it in Java, C, or hand-coded assembler.
Hence, if you do not want people to reverse-engineer your code, do not let them have the code. Keep the algorithm on your server.
If your response to that is "I do not want my app to have a dependency on a server", you are explicitly stating that your "data processing algorithm" is not important, at least compared to having that dependency. And at that point, you really have to start asking the question of how important the "data processing algorithm" is altogether.

Licensing: Android, LGPL and the ZBar QR Code scanner [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 9 years ago.
Improve this question
I have integrated zbar code scanner in my Android-app in minutes (great library!),
nevertheless I am thinking of replacing it with another QR code reader now.
The reason is, that there is much scepticism[1][2] on the web whether
LGPL is compatible with commercial Android projects.
Can someone tell me why zbar uses LGPL but nevertheless are supporting android? (the even have a android section in their support forum...)
Is there a way to make sure my app meets the license requirements?
[1] http://source.android.com/source/licenses.html
[2] http://www.gnu.org/licenses/lgpl-java.html
Android platform project has different licensing requirements from 3rd party app developers. While it is possible to replace and reverse engineer LGPL libraries in 3rd party apps, it is not so for LGPL libraries in read-only firmware.
Key parts of Android zbar are distributed in binary .so files. As such, they are replaceable in your distributed app in terms compliant with LGPL.
For the Java adapter code (zbar.jar), make sure you're not using ProGuard or other obfuscation on it.
For reference, here's how the droidText project addresses LGPL compliance: https://code.google.com/p/droidtext/wiki/LGPLCompliance
(Standard I-am-not-a-lawyer disclaimer applies.)
TL/DR: always distribute zbar source together with the app and you are clear.
I'd say that it's not simple for a user to upgrade the library should they want to. Instead, to be safe, you should treat your program as statically linked with the library. (From a practical point of view, your program is sort of statically linked, anyway.)
If you do that, you have to distribute the source (or linkable object files) of the library. It must be the potentially tweaked source you used, not some generic download-link or so.
By the way I upvoted llato's answer too, because it got some merit, but I would not be keen on arguing that line of reasoning in front of a judge. (Not that I think zbar authors in particular would drag me there but you get the point.)

Android XML decompiling protection

Maybe this question was asked many times, but i can't find the answer.
Please explain, or give some links on how to protect XML files (layouts, values, animations, etc.) in my Android app from decompiling? For now, i see that some guys are just decompling apk file and using my development.
Proguard will obfusciate your references, making it more difficult to decompile your code (and also to read stacktraces, etc).
This will help make your code harder to decompile, but not impossible.

Categories

Resources