Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Android code obfuscation and secure android application from piracy

Presently i am a newbie in android development .. I need to develop a secured android application so that i can save it from getteg pirated.

For security of application i have used RMS in J2ME.In J2ME i use to do following steps :

  1. generate a serial number(some random number)
  2. save that number in rms,on next launch of application display the same serial number on screen and ask user to input valid activation code then if user enters correct activation code then application activates and flag is set to true and i save this flag value in other rms
  3. if flag value is true then home screen is displayed to user on launching app again else activation page is displayed.

I want to implement this concept in android ..Please guide me how to do it.Or tell me if any body knows some better way for doing this in android.

Secondly I want to obfuscate the apk file before releasing the application..after goggling for 2 days i found that it can be done using proguard.But i am not getting how to obfuscate the code.Please guide and help me for sorting both issues.

Thanks

like image 511
Shrey Avatar asked Sep 05 '11 07:09

Shrey


2 Answers

There isn't really a way to protect any sort of client-side code, whether it is an Android *.apk, a Java *.jar file, or a bit of JavaScript code that runs in your user's browser. The best way to protect yourself from piracy is to make the application dependent on some server-side computation that you provide.

Since you are using RMS, it sounds like you already require a server-side computation. Rather than bothering users to enter an activation code, why don't you associate this activation code with the user's email address when they purchase the application, and then why don't you use OAuth with their Google Account to verify that the user has an email address that is known to have purchased the application?

like image 178
Michael Aaron Safyan Avatar answered Sep 22 '22 23:09

Michael Aaron Safyan


  • About RMS

Michael Aaron Safyan said everything, nothing to add.

  • About ProGuard

ProGuard is now integrated to the Android framework, and requires basically no work to be set up. You just have to enable it as explained in this article and if needed to customize its configuration. "If needed", as the default configuration is suitable for most of the projects. You just have to be careful with the use if the reflexion as most of the packages, classes and methods are going to be renamed by the obfuscation process.

like image 35
Shlublu Avatar answered Sep 19 '22 23:09

Shlublu