0

We know that we are able to view the source code of Android apk file or .jar file using some tools available for free. how to extract code of apk file

With this thing few question comes to my mind.

  1. Is this a security flaw that our app code is open to all even after compiling and building the source code using some tools ?

  2. Does every thing is java world like that like we can view html css jscript codes for a website for free.Should i compare it with that.

  3. Just like .jar file can we view code from .exe, .command or other files formats which i think are not human-readable.

  4. How to prevent my code from viewing inside an apk or jar file.Because i don't want my pain app code should behave as a open source.

I was surprised when i was able to get android project back from .apk file.

  1. Suppose my company has spend billion dollar in making app from some firm. And decided to make propitiatory not under any open source license. Also we want to protect if from the other companies which might copy my app code to create their own.

  2. Is legal is the only things that can prevent code copying.

  3. Suppose my company is creating a hotel booking app and spend thousands dollar on it some other hotel requires same ,they decompile my app and change some strings and basics things. So in that way they enjoy every thing for free.How to prevvent that situation.

  4. I want to protect various things like GoogleAnalyticsID, GooglgeAdsense,GoogleAdword and other premium third party API string to be prevented how do i do that.

Community
  • 1
  • 1
Deepak Dimri
  • 13
  • 3
  • 1
    you aren't. You're able to decompile the program though. Same applies to .exe-files. If you'd have read the answers you'd have noticed that all answers include using a decompiler – Paul Feb 08 '16 at 18:02
  • JVM bytecode is about as featureful as most high-level languages. It's pretty trivial to translate JVM bytecode back into Java source most of the time. It's not a security flaw. Or, rather, if you're relying on code obfuscation to secure your application, your application is already insecure. IIRC, there are some obfuscating java compilers. Although, unless you're writing malware, I can't think of a good reason to use one. – Parthian Shot Feb 08 '16 at 18:09
  • There are obfuscator that you can use to make difficult to copy your code: http://stackoverflow.com/questions/49379/how-to-lock-compiled-java-classes-to-prevent-decompilation – Marco Altieri Feb 08 '16 at 18:09

1 Answers1

0

  1. There is no security flaw. It is well known that someone can take compiled code for any software platform and reverse engineer it into source code that could compile back into code that executes similarly.

  2. You can not reconstitute the exact original source code from compiled code. For example, compiled code will not have the comments that were in the original source code. It will probably not have the original names of local and parameter variables as well.

  3. Yes, this is like I said in #1.

  4. You cannot stop someone from reverse engineering your software products. You can only make it harder for someone to do so. For example, the Android toolchain provides the ability to run all compiled code through the ProGuard obfuscation tool, which is do as much as it can to strip out unnecessary details and change the names of classes and methods that can be modified without changing the functionality of the code.

Doug Stevenson
  • 236,239
  • 27
  • 275
  • 302
  • Suppose my company has spend billion dollar in making app from some firm. And decided to make propitiatory not under any open source license. Also i want to protect if from the other companies which might copy my app code to create their own. – Deepak Dimri Feb 08 '16 at 19:03
  • Sorry, you can't stop anyone from reverse engineering your code. Put your secrets on the server, not in the client. – Doug Stevenson Feb 08 '16 at 21:33