Android XML decompiling protection - android

Maybe this question was asked many times, but i can't find the answer.
Please explain, or give some links on how to protect XML files (layouts, values, animations, etc.) in my Android app from decompiling? For now, i see that some guys are just decompling apk file and using my development.

Proguard will obfusciate your references, making it more difficult to decompile your code (and also to read stacktraces, etc).
This will help make your code harder to decompile, but not impossible.

Related

How to obfuscate a pre-built apk? [closed]

Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 3 years ago.
Improve this question
I'm a blogger and I've been publishing third party android apps and games on my website since a couple of years ago. There are some exclusive apps which I need to put some toast messages in them. I'm novice at this but my question is about something different. I just want to obfuscate a prebuilt APK app or just a particular string in the activity. There are so many articles or tutorial videos in the web in which people trying to teach this method by ProGuard in Android Studio. But I couldn't even find a single tutorial which explains How to add a prebuilt APK (NOT A NEW PROJECT) in Android Studio and obfuscate it. I tried to profile/debug an APK with Android Studio but I can not find the gradle.build to set the minifyEnable to true. I know this might be so stupid to ask, but can anyone help me with this? I just need to obfuscate a string (mostly my toast messages) or the whole classes of a Pre-built APK. Is there an easier way to do this or I have to do it by Android Studio? I would really appreciate if someone tell me how to do it in the easiest way possible. And do not consider me as a programmer or developer.
If you have an unobfuscated .apk file in a folder and want to obfuscate that, then you're out of luck.
Obfuscation works on a much lower level, and is done while the .apk file is being built from the source code.
And Proguard will not do anything at all to obfuscate your strings. Even if the .apk was obfuscated using Proguard, all strings and resources would still be in the .apk file and could easily be read by anyone with a bit of technical know-how.
Proguard obfuscates the code itself, not the resources (resources would be strings, numbers, images, etc)
There are some other methods of obfuscation (DexGuard and Arxan for examples), but those are much much harder to use, even for an experienced developer.
And you mention you want to add a toast message into a prebuilt .apk file? That requires extremely (and i do mean extremely) high knowledge of how the .apk is built, to dissamble it and rebuild it.

How to open .dwg file in Android

I want to open a .dwg file in my own Android app.
Is there anyone who knows any good development tool that can help me.
I am trying to find it but just getting nothing related to it. I think very few people use it.
Also, I want to know, how these apps work to open cad files which would be developed.
The main problem here is that .dwg files have a lot of different versions, and more importantly this format is proprietary, apparently not well documented or not documented at all. And of course, it's not simple data that we are talking about, so good luck for reverse engineering the format yourself.
A look at the wikipedia page for .dwg seem to give some interesting information for your project :
There is already some open source reader developed for this file format, namely LibDWG - free access to DWG
(...)
This is a library to allow reading data from a DWG file. That's a very
important acquisiton, which may improve a lot the ability of the free
software comunity to develop more features in the field of computer
technical drawing (CAD).
The DWG structure is very complicated, it seems to be crafted so that
none can easily understand it. That's a strong reason to not use it,
and that's also why we do not provide the writing feature in the
library. One should use LibDWG mainly to read such files, filtering
them to some other format, free and usable.
(...)
I think this is the developpment tool you wanted.

APK contains unused resources

Yes, I saw that the similar question had been asked some years a go, but was unanswered, so I just had to give it another shot.
I am quite annoyed with the fact that the .apk file for the simple Android app I am building has 4MB in size.
When I analyse the .apk, i see that it contains not only unused classes (which can be stripped with ProGuard), but also all the graphic resources from HoloEverywhere.
I mean, even the drawables for the themes I am not using at all are in the apk.
This behaviour looks very illogical, or it just might be that I am doing something very wrong.
Finally, my question is: Is there a way to make the .APK contain only the needed data?
I mean, even the drawables for the themes I am not using at all are in the apk.
From the standpoint of the build tools, they have no good way of knowing that you are not using those drawables.
This behaviour looks very illogical
You are welcome to build a tool that can reliably detect unused resources and removes them from an APK. Call it ResGuard or something. Even the commercial DexGuard doesn't do this.
Is there a way to make the .APK contain only the needed data?
Delete the stuff that you are not using. You're the only one who knows what that is, and since HoloEverywhere appears to be no longer maintained, it's not like you will have updates to worry about.
Long-term, I understand that there's a plan to have Gradle for Android allow you to filter out resources as part of referencing an AAR. I'm not aware that this is in place just yet, and you'd still need to know what resources should be filtered this way. This would allow you to avoid modifying the original project, though.

programming C in order to prevent reverse engineering in android

I am a beginner android developer and I want to make it hard to decompile my apk files.
I uses ProGuard but it only changes functions and values names, and people still have access to the full code of my apps, so i'm looking for something stronger.
I have learned today and yesterday how to combine C files in the project and I managed to build an app that combine C and JAVA. I build few functions in C instead of JAVA, and the Java uses them in the app.
How much this method can prevent people from decompile my apps? I know that it's very easy to decompile JAVA, but what about C files ?
Is it hard to decompile .so and .o files?
Does this method is a good idea ? will it make it harder to decompile my app?
thanks for your help :)
It will make it harder but not impossible. Anyone sufficiently motivated will still be able to disassemble your binaries and see how your program works - disassembly is trivial and modern C decompilers are pretty darn good, too.
The bottom line in software security is that if you have a process that absolutely must be secret, it needs to be on a secure server. Anything that you run on someone else's device should be considered insecure. Pragmatically, however, there's simply not much motivation for people to do this, so even the low barrier (Java compilation) is more than enough to keep your code unseen.

Making codes obscure

There are several tools that can easily reverse engineer the app and shows all the classes and resources easily.My question is what are the ways to make the code obscure.My code is unique and i do not want anyone to reverse engineer it.I want to know Preventive ways.
My question is what are the ways to make the code obscure
Nothing will give you significant improvement over ProGuard without seriously impacting runtime performance.
My code is unique and i do not want anyone to reverse engineer it.
Then do not put that code on somebody else's machine. Keep it on your server.
does ProGuard also hides my database?
No.
It's an important resource to me.
If by "an important resource" you mean "my database is unique and i do not want anyone to read it", then do not put the database on somebody else's machine. Keep it on your server.
Anything that goes on a user's device -- code or data -- is accessible by that user with sufficient work.
There are a couple of free obfuscators besides proGuard, but most apps will use proGuard cause it's recommended & supported by google.
So everything you need to know: (about proguard and beyond)
http://android-developers.blogspot.de/2010/09/proguard-android-and-licensing-server.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+blogspot/hsDu+(Android+Developers+Blog)
https://stackoverflow.com/questions/2531187/android-and-obfuscation

Categories

Resources