With the .apk, people can extract its source code. Is an Android app secure?


I develop an Android app, and some of the code is very private and confidential. I put an encryption algorithm into my code to increase the safety.

But recently I read that when people have an .apk file, they can extract the Java source code with 100% correctness (source).

Not just that, people can also get the .apk from the Google Play Store (source).

Does this mean that people who have my .apk can view all my source code (Java, .xml layouts, libraries)? If yes, all my hard work to have a secure app has achieved nothing.

| security   | android   | apk   2017-01-07 03:01 2 Answers

Answers ( 2 )

  1. 2017-01-07 03:01

    Yes, hopefully there is a way of preventing others from getting your hard-labor project's full source code. Enable ProGuard for your Android application. Ant will call ProGuard to obfuscate your code. Your code will then be shrunk as much as possible. Many function and variable names will be replaced with shrunken forms that nobody can decode or understand at all :)

    More details are here: https://developer.android.com/studio/build/shrink-code.html

    Note that a build with ProGuard enabled takes much more time than a normal build, so it is better to do it before the release of your app.

  2. 2017-01-07 04:01

    The process is called Android reverse engineering. As @ash12 said, you can use ProGuard to obfuscate your source code. But then it will be a serious security compromise if you store your app credentials, like API tokens, passwords, etc., in the source.

    Also, you could take a look at DexGuard, which is the commercial variant of ProGuard. It allows you to also encrypt the layout files and obfuscate the content of the manifest and other resource files (together with many other things).
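
Added example, not part of either answer above: a pre-release check a developer can run on their own build to see the point about credentials in the source. Renaming classes and methods does not change string literals, so they remain readable in `classes.dex`. The rule names, patterns, and the sample bytes (a constructed stand-in, not a valid DEX file) are assumptions made for this illustration.

```python
import io
import re
import zipfile

# Heuristic rules (assumptions for this example, not an exhaustive rule set).
SECRET_PATTERNS = {
    "assigned_secret": re.compile(
        rb"(?i)(?:api[_-]?key|token|secret|passw(?:or)?d)\s*[=:]\s*[\x21-\x7e]{8,}"),
    "pem_private_key": re.compile(rb"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----"),
}
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{6,}")  # same idea as strings(1)


def scan_apk(apk_bytes):
    """Return sorted (entry, rule, text) for secret-like strings in an APK."""
    findings = set()
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for name in apk.namelist():
            if not (name.endswith(".dex") or name.startswith(("assets/", "res/"))):
                continue  # only code and bundled resources are scanned here
            for run in PRINTABLE_RUN.findall(apk.read(name)):
                for rule, pattern in SECRET_PATTERNS.items():
                    m = pattern.search(run)
                    if m:
                        findings.add((name, rule, m.group().decode("ascii")))
    return sorted(findings)


def build_sample_apk():
    """Constructed sample: short obfuscated names next to an untouched literal."""
    dex = b"\x00".join([
        b"dex\n035",                            # file magic
        b"La/b;",                               # class name after renaming
        b"a",                                   # method name after renaming
        b"api_key=EXAMPLE-0000-PLACEHOLDER",    # string literal, unchanged
        b"Hello",
    ])
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("classes.dex", dex)
        z.writestr("assets/config.txt", "theme=dark\n")
    return buf.getvalue()


if __name__ == "__main__":
    for entry, rule, text in scan_apk(build_sample_apk()):
        print(f"{entry}: {rule}: {text}")
```

Any finding means the value ships to every user of the app and should be moved out of the client, for example behind a server the app authenticates to.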
