I had a concern about the security of my android app.
I developed an app uploaded it on market and got more than 1 lac downloads. I also uploaded my app on Mobango(android store). On monago a persom can download my app's .apk file.
So if any person acn download .apk file of my app, he can upload it on other android store.
I have tried this I downloaded my app's apk from mobango and successfully uploaded on other android store.
My concern was anyone can steal my app and reupload with his name.
thanks
Yes we can reuse the .apk file and extract the source from it .......
This is a worry for all app developers on Google Play store. I've seen Google Chrome plugins which allows to download any apk from the store if you're brave enough to put your google login details and the device ID of your phone.
What you can do is obfuscate the content of the APK using something like ProGuard, which makes it hard to decompile.
Documents say:
The ProGuard tool shrinks, optimizes, and obfuscates your code by
removing unused code and renaming classes, fields, and methods with
semantically obscure names. The result is a smaller sized .apk file
that is more difficult to reverse engineer.
But you can see that it says that is more difficult to reverse engineer and so in theory it is not impossible.
Note that when you use ProGuard tool,you have to create a key.So if any body change your code and recreate another .apk from it this .apk can not publish as update or another version of your origin .apk .
Related
I am building an app using React Native that involves the use of many assets (specifically .mp4 files).
My app is around 430mb.
On the Android side, I have followed the Play Asset Delivery official documentation, and I cannot get it to work.
I am only using install_time assets, and therefore have not used the Play Core API. After setting everything up (as per the documentation), I generate a Signed Bundle, and try to upload it for internal testing on Google Play Console, only to get an error back because of my bundle size being larger than 150mb.
I cannot find anything online about this, as there are no tutorials or helpful documents yet, and everything I have found has been Unity related, which I am not using.
I currently have a module for the install_time_asset_pack, and a AndroidManifest.xml was generated when I built my app. That being said the bundle is still above 150mb and the Play Console does not seem to split the encapsulated .APK file and the PAD when I try to upload.
Does anyone know anything about this? Or can someone point me to an actually helpful tutorial to implement PAD? Preferably not unity related please.
Thanks!
EDIT:
So it seems the APK generated in my .aab file (the base folder) was larger than 150mb. It seemed to also keep the assets I split into the asset-packs, and thats why it had the large size. So I unzipped the .aab, removed those, and now I don't know how to zip the .aab together again. Any thoughts?
Using the Sketchware app and Android, I am trying to export to the Google Play store, I have to select the .json for the service account to allow it to publish the app.
However, when I try to select the .json file I have downloaded to my phone, I navigate to the directory the .json file is stored in then when I try to click on it, it is greyed out and I cannot click on it.
(P.S.: I have tried contacting Sketchware support. However, it has been over three days now and I understand due to coronavirus the response may be delayed, but I thought I would ask here if anyone has a solution.)
Why are you publishing the app directly from Sketchware to PlayStore?
You better sign the apk usin APK SIGNER app and manually upload the APK to the Play Console.
I have never used Google Play Console before, but I think this could help you:
Download your app
Using Apk Extractor (play.google.com/store/apps/details?id=com.ext.ui) is a software that will help you to get APK file from an pre installed app from Android ONLY. Using this software you can actually get an APK or Android Package that you can use while publishing app
There are many application available on Google Play that can convert your app file to AAB format.
Yes, download Apk editor and select generic key or test key (try them out, there's a few) in settings in the app, and edit the API version to the correct number. And set up a Google Play console account.
Yes, we do have a solution. Send the file to WhatsApp. Then share it from WhatsApp, choose file manager, copy the file to the place that you want, open sketchware, choose the file that you added in the JSON file, and enjoy.
I am currently working on an android game but when I try to build it, we can do it in two ways i.e.
If we check the Bundle Opting in the build menu then it will come in a single file of formate .adb (Android Debug Bride) it may or may not work with Google Play Store or the App Store but I am not targeting on that I wanted a file or files that I can share with my friends or on itch.io because you can only upload a file or files on it, it is not responsible for installing for anything and whoever downloads the from it, he will just get the file on his/her android device and will not get an installed app to start playing it.
we can also check the Splitting opting in the player menu of project setting and then the build will split into two files, 1. .apk , 2. .obb. well this is a good option but with the same problem if I upload it to a distributor or share it to my friends the two files will be downloaded or shared with no installation
Please tell me a way how I can make a file that can download itself or any solution to this.
I just want a way to build an android game that can easily be installed through a distributor or through sharing
Thank You in Advance
What you want is just an APK.
An app bundle is intended for the Google Play Store. If you upload your app as an app bundle to the Play Store, Google repackages it into multiple APKs which only contain the data and code that is required for specific device configurations of end users. E.g. it only contains specific languages, and code for specific architectures and so on.
If you enable the "Split Application Binary" option, Unity limits the size of your APK to 100MB since this is the limit of the Google Play Store. It then creates the expansion file (.obb) which you would also upload to the Play Store.
In your case, you don't need any of it. You need one APK.
Disable "Build AppBundle (Google Play)" and "Split Application Binary" and you should be able to create one big APK.
There is such problem:
1) I have to use my our distribution service to give new builds of app to testers (no way to use HockeyApp or etc.)
2) I want to give unique APK file to each tester. But it is not possible for me to compile ~3000 APK files for every new build of application.
So I want to add some kind of ID to APK file without recompiling it.
(I need it to identify, if some user will share this APK file somewhere in web without my permission)
Example:
User downloads .apk file from my site => uploads it to some forum/website => I see, that somebody has shared my app in web => I download apk from that forum/website => I identify, who shared it (via unique ID of apk)
That is not going to be easy because all files of your APK are covered by the signature, so anything you add will have to be somewhere else.
You could try modifying the zip comments of the APK (if you can find a library that allows you to do that -- maybe "apkzlib"), I'm not sure if this part is covered by the signature.
Alternatively, you could try adding a file to the APK that is not referenced in the zip central directory (a "ghost file" in a way, it wouldn't exist for most zip tools), maybe the signature doesn't cover those either, but I haven't verified. This solution also requires good knowledge of the zip format to implement it.
Note as well that if this can be done without touching the signature, it can also be removed without touching the signature... so if one of your tester finds out about this, they could remove it. But I guess it wouldn't be trivial to do, so that might be sufficient anyway.
There are two constraints:
Unsigned apks can not be installed.
an apk signature signes every bit of the apk, therefore the wole apk must be signed.
Luckily signing an apk takes only some seconds and should be feasible for 3k apks.
So you can write a script that writes the id to a file within the akp (which is basically a .zip file) and sign it afterwards. See Can I re-sign an .apk with a different certificate than what it came with?
See https://developer.android.com/studio/publish/app-signing#sign-manually on how to sign from command line.
Until now, I only develop apps for myself or for close friends.
I don't sell apps so I'm not interested in Google Play.
So, I upload for a personal site I have, give the link to my friends,
and they download the APK.
Next they install the app and delete the APK for saving memory space.
How can I install directly my apps from my site without download the APK?
Thank you
APK shouldn't be taking that much space but what you can do is this:
1) In your MainActivity, have a method where you search for APK file in the phone external storage. (the example searches for ".pdf", change the extension to ".apk")
2) Then use a APK parser library to get the package name of the APKs found.
3) If the package name equals to your package name, delete that file.
Make sure to call that method on your onCreate() of your main activity.
Hope this helps.