 

How to avoid reverse engineering of an APK assets folder resources items file?

I am developing an Android application. In this application, the assets folder contains some password and some important information. I want to prevent a hacker from accessing any resources, assets or source code from the APK file, mainly the assets resources.

How can I achieve this thing?

I found and also thought about the following solutions. Please correct me and provide your suggestions on this.

1) Put all data or files in the assets folder in encrypted form.

In this solution, when I need to use the assets folder data, I have to decrypt it every time, which makes my application slow.

2) To secure resources, don't include all important resources in the assets folder with the APK. Download these resources at the time of the application's first start-up.

This solution is also not suitable for my application, as I want to use my application in offline mode even if it is going to be used for the first time or second time.

3) Obfuscation would not protect the assets folder data, so we cannot use that.

Please provide your suggestions and inputs on the same.

Any help would be appreciated.

Thanks & Regards

sam_k asked Nov 19 '13 10:11




1 Answer

Reverse engineering on Android is REALLY easy! You can't prevent that. You should not store any sensitive information in your APK because someone could find it easily.

You should use asymmetric encryption if you want to store something on the user device.

It's possible to hide some data in your code, like a symmetric encryption key, but it will be found in a few minutes if someone wants to find it (and in a few seconds if you put it in the assets folder...).

EDIT: If you want to put a symmetric encryption key in your code, don't set it like this:

    String myKey = "myEncryptionKey";
    byte[] key = myKey.getBytes();

because a reverse engineer is able to list all strings in your APK with a single command... So use something like:

    // Build the key one character at a time so it is not stored as one string literal
    StringBuilder sb = new StringBuilder();
    sb.append('m');
    sb.append('y');
    // ...
    byte[] key = sb.toString().getBytes();

or

    // android.util.Base64: decode() takes a flags argument and already returns byte[]
    byte[] key = Base64.decode("esfas09f8as90f8", Base64.DEFAULT);
nbe_42 answered Oct 02 '22 16:10
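An added example, not part of the original answer: a release-time check to run against your own build, showing how quickly a plain string listing surfaces secrets kept in `assets/` or in string literals. The sample archive, its entry names and the `hunter2` value are constructed; the two key literals are the ones from the answer's snippets, and the keyword and blob heuristics are assumptions of this example.

```python
import io
import re
import zipfile

def build_sample_apk() -> bytes:
    """Constructed sample: an APK-shaped ZIP with made-up entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("assets/config.properties", "db.password=hunter2\n")
        # Stand-in for a dex string pool: literals sit as plain bytes
        # between binary data, which is what a strings listing picks up.
        z.writestr("classes.dex",
                   b"dex\n035\x00\x8f\x02" + b"Landroid/app/Activity;\x00"
                   + b"myEncryptionKey\x00\x10\x01" + b"esfas09f8as90f8\x00\x07")
    return buf.getvalue()

PRINTABLE = re.compile(rb"[\x20-\x7e]{8,}")   # runs of 8+ printable ASCII bytes
KEYWORD = re.compile(r"(?i)pass|secret|token|key")
# Letters and digits mixed, 12+ chars from the base64/hex alphabet (heuristic).
BLOB = re.compile(r"^(?=.*[A-Za-z])(?=.*\d)[A-Za-z0-9+/=_-]{12,}$")

def looks_secret(s: str) -> bool:
    return bool(KEYWORD.search(s) or BLOB.match(s))

def scan_apk(apk_bytes: bytes) -> list:
    """Return (entry, string) pairs for secret-looking strings in assets/ and *.dex."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        for name in z.namelist():
            if not (name.startswith("assets/") or name.endswith(".dex")):
                continue
            for m in PRINTABLE.finditer(z.read(name)):
                s = m.group().decode("ascii")
                if looks_secret(s):
                    findings.append((name, s))
    return findings

if __name__ == "__main__":
    for entry, s in scan_apk(build_sample_apk()):
        print(f"{entry}: {s}")
```

The Base64 literal is still flagged because it sits in the string pool like any other literal. A key assembled one character at a time would not show up in a scan like this, but the method that builds it is still readable after decompiling.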