I've developed my first Android app in Unity3D and uploaded it to Google Play. And I've just realized: There are services to download apk files from Google Play. There are services to decompress apk files and get all the source files from it. Is it possible?
How can a developer protect his apps from cloning this way? (I'm using Unity 3d, so I can't use ProGuard.) Or does it make a difference that I'm developing in Unity 3d? (Maybe it's harder to understand decompressed sources in case it's made in Unity.) But then, how does Google Play protect apps from hacking source code?
But if you install the apk file then your phone might be hacked, as it's easy to bind a Trojan or a RAT along with the apk.
Transferring the APK or App Bundle to your phone
If you haven't downloaded the APK file or the app bundle directly onto your Android phone, you'll need to transfer it from your computer to the phone. You can transfer it using Bluetooth, a USB cable, or a cloud storage service.
Find the APK you downloaded and tap it. Tap the “Install package” option and then select to watch an ad and install. Deal with permissions – Finally, Android will open up the Install Unknown Apps prompt. Tap APKMirror Installer to give it permission to install the APK.
Because the APK files install apps on your system, they can pose a serious security threat. A person with malicious intentions could modify the APK before you install it, then use it as a digital Trojan horse to install and run malware. Thus, you need to ensure that the site you use is reliable.
It is absolutely possible for the most part. Just take your APK, rename it to a .zip and you already have access to the contents. Browsing through the folders will show you (given that you're using Unity) a lot of Unity asset files. These, by means of inspection, are reasonably trivial to retrieve the contents from.
Traverse the folder structure until you find Assembly-CSharp.dll and extract it. Dump it into something like ILSpy and you'll find that your sources aren't just trivial to decompile, but that almost all naming is preserved and not even obfuscated in any way.
To provide you with an example, this is part of my code
and this is what I retrieved just now using ILSpy from the APK I built
Minor differences, but nothing that would really confuse you.
All in all there is not much protection there by default. There are ways to apply obfuscation, but I have no experience there myself, so can't really comment on the practical usefulness.
Bottom line is that if someone really would want to put effort into extracting what you've created, they can up to a point. So if you want to protect your work, you'll have to find the solution somewhere else.
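A release check built on what the answer above describes, as an added example that is not part of the original answer: it opens your own APK as a ZIP archive, finds every shipped .dll, and reports which identifiers from a watch list are still readable in plaintext, so you can confirm whether an obfuscation step actually took effect. The function names, the watch-list identifiers and the sample archive (including its `assets/bin/Data/Managed/` layout and fake DLL bytes) are constructed for illustration.

```python
import io
import zipfile


def audit_apk(apk, identifiers):
    """Return {dll entry name: [identifiers found in plaintext]} for an APK.

    An APK is a ZIP archive. .NET metadata keeps type and member names as
    UTF-8 strings, so a name that survived the build unobfuscated appears
    as a plain byte substring of the assembly. Short identifiers can match
    by coincidence; use distinctive names.
    """
    report = {}
    with zipfile.ZipFile(apk) as archive:
        for entry in archive.namelist():
            if not entry.lower().endswith(".dll"):
                continue
            data = archive.read(entry)
            report[entry] = sorted(
                name for name in identifiers if name.encode("utf-8") in data
            )
    return report


def build_sample_apk():
    """Constructed sample: a small ZIP laid out like a Unity APK (fake DLL bytes)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("AndroidManifest.xml", b"<manifest/>")
        archive.writestr(
            "assets/bin/Data/Managed/Assembly-CSharp.dll",
            b"MZ\x00PlayerController\x00ComputeScore\x00",
        )
        archive.writestr("assets/bin/Data/Managed/UnityEngine.dll", b"MZ\x00GameObject\x00")
    return buf


if __name__ == "__main__":
    # Hypothetical names a developer expects an obfuscator to have renamed.
    watch_list = ["PlayerController", "ComputeScore", "LicenseCheck"]
    for dll, hits in audit_apk(build_sample_apk(), watch_list).items():
        status = "EXPOSED " + ", ".join(hits) if hits else "clean"
        print(f"{dll}: {status}")
```

`audit_apk` also accepts a file path, so it can run against the real build output as a step before upload.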