How to prevent a “teardown” of my apk

2019-07-17 19:34发布

According to this link, "Android Police" were able to teardown the Google Play apk and clearly read the strings file. I thought there were ways to prevent this using proguard, but does it work well? I remember watching the I/O conference this year and they mentioned something about encrypting your app I believe. I haven't read anything that has cured my anxiety about sending out an app that can not be decompiled/deconstructed or anything. Can anyone with experience vouch for this (proguard and this encryption thing)?

2条回答
时光不老,我们不散
2楼-- · 2019-07-17 19:50

Proguard obfuscates code, not resources. That said, even with obfuscation, once the app reads the string into memory, it's in cleartext. All that an attacker would need is a debugger and a breakpoint at just the right time.

查看更多
一夜七次
3楼-- · 2019-07-17 20:04

I thought there were ways to prevent this using proguard, but does it work well?

ProGuard obfuscates code. It does not do anything with resource files. It does not even encrypt string constants in code.

DexGuard, a commercial offshoot of ProGuard, appears to encrypt string constants, though I see nothing about resources.

Moreover, none of this will help much. As Mr. Hewgill points out in a comment, by definition, everything has to be visible to run.

查看更多
登录 后发表回答