I am developing an Android application; in this application the assets folder contains some passwords and some important information.
I want to prevent a hacker from accessing any resources, assets or source code from the APK file, mainly the assets resources.
How can I achieve this?
I found and also thought about the following solutions. Please correct me and provide your suggestions on this.
1) Put all data or files in the assets folder in encrypted form.
In this solution, when I need to use the assets folder data I have to decrypt it every time, which makes my application slow.
2) To secure resources, don't include all important resources in the assets folder with the APK. Download these resources at the time of the application's first start-up.
This solution is also not suitable for my application, as I want to use my application in offline mode whether it is being used for the first time or the second time.
3) Obfuscation would not protect the assets folder data, so we cannot use that.
Please provide your suggestions and inputs on the same.
Any help would be appreciated.
Thanks & Regards
It is not possible to protect the application from reverse engineering completely.
There might be separate config APKs for devices with larger screens, or different CPU architectures. For reverse engineering you usually just need the main APK, and you can ignore the rest.
Reverse engineering on Android is REALLY easy! You can't prevent that. You should not store any sensitive information in your APK because someone could find it easily.
You should use asymmetric encryption if you want to store something on the user device.
It's possible to hide some data in your code, like a symmetric encryption key, but it will be found in a few minutes if someone wants to find it (and a few seconds if you put it in the assets folder...).
EDIT: If you want to put a symmetric encryption key in your code, don't set it like:
    String myKey = "myEncryptionKey";
    byte[] key = myKey.getBytes();
because a reverse engineer is able to list all strings in your APK with a single command... So use something like:
    StringBuilder sb = new StringBuilder();
    sb.append('m');
    sb.append('y');
    // ... append the remaining characters the same way
    byte[] key = sb.toString().getBytes();
or
    // android.util.Base64.decode already returns a byte[]
    byte[] key = Base64.decode("esfas09f8as90f8", Base64.DEFAULT);
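A release-gate check for the point made in the answers above, as an added example that is not part of the original posts: it opens a built APK as a zip and reports every secret known to the build pipeline that appears in any entry, whether raw, Base64-encoded or hex-encoded. The sample APK, the secret names and their values are constructed for illustration.

```python
import base64
import io
import zipfile


def encodings_of(secret: bytes) -> dict:
    """Byte patterns under which a secret may sit in a build artifact."""
    forms = {"raw": secret}
    # Base64 output depends on byte alignment, so only the unshifted form is checked.
    forms["base64"] = base64.b64encode(secret).rstrip(b"=")
    forms["hex"] = secret.hex().encode()
    return forms


def audit_apk(apk_bytes: bytes, secrets: dict) -> list:
    """Return sorted (entry, secret_name, form) for each secret found in the APK."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for entry in apk.namelist():
            data = apk.read(entry)  # zipfile decompresses the entry for us
            for name, value in secrets.items():
                for form, pattern in encodings_of(value).items():
                    if pattern in data:
                        findings.append((entry, name, form))
    return sorted(findings)


def build_sample_apk() -> bytes:
    """Constructed stand-in for an APK: a zip with an asset and a fake classes.dex."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("assets/config.properties", "db_password=hunter2-sample\n")
        # The key is stored Base64-encoded, as in the last snippet above.
        encoded = base64.b64encode(b"myEncryptionKey")
        z.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 16 + encoded + b"\x00")
        z.writestr("res/raw/readme.txt", "nothing sensitive here\n")
    return buf.getvalue()


# Constructed values standing in for secrets held by the build pipeline.
SAMPLE_SECRETS = {"db_password": b"hunter2-sample", "aes_key": b"myEncryptionKey"}

if __name__ == "__main__":
    for entry, name, form in audit_apk(build_sample_apk(), SAMPLE_SECRETS):
        print(f"FAIL {entry}: {name} present as {form}")
```

Run against a real build by passing the APK file's bytes to `audit_apk`; an empty result means none of the listed secrets was found in these three encodings, not that the APK holds no secrets.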