Are the users able to convert the apk file of my application back to the actual code? If they do - is there any way to prevent this?
Decompilation of APK file is possible. But it might be difficult to understand the code if it is obfuscated.
Just like Java bytecode, Dalvik bytecode is easy to decompiled to Java language. It is very convenient to analyze an application, to find security issues, to understand the behaviour of the application,... On the other hand, it is not possible to decompile an Android app to Java, modify it and re-compile it.
First, an apk file is just a modified jar file. So the real question is can they decompile the dex files inside. The answer is sort of. There are already disassemblers, such as dedexer and smali. You can expect these to only get better, and theoretically it should eventually be possible to decompile to actual Java source (at least sometimes). See the previous question decompiling DEX into Java sourcecode.
What you should remember is obfuscation never works. Choose a good license and do your best to enforce it through the law. Don't waste time with unreliable technical measures.
Decompilation of APK file is possible. But it might be difficult to understand the code if it is obfuscated.
Use Aapt (part of the Android SDK) or AXMLParser (from AndroGuard) to analyse and view info of an APK File
Retrieves the content of the AndroidManifest.xml file
Shows various information (e.g. permissions, activities, services, broadcast receivers, ...)
Command:
Aapt
aapt dump badging sampleApp.apk aapt dump permissions sampleApp.apk aapt dump xmltree sampleApp.apk
AXMLParser
apkinfo sampleApp.apk
Use ApkTool or NinjaDroid to disassemble and view the resources of an APK File
Disassembles the bytecode to smali/assembly
Extracts the AndroidManifest.xml, the CERT.RSA file and everything in res folder (layout xml files, images, htmls used on webview etc..)
Command:
ApkTool
apktool.bat d sampleApp.apk java -jar apktool.jar -q decode -f sampleApp.apk -o myOutputDir
NinjaDroid
ninjadroid MyApk.apk --all --extract myOutputDir/
NOTE: You can achieve something similar by using zip utility like 7-zip. But, these tools also extract the .smali files of all .class files.
Use dex2jar to decompile the DEX files of an APK File into Java code
Generates the .jar file from a .apk file (note that the Java code of Android apps is usually obfuscated)
Needs JD-GUI to view the source code from the output .jar file
Command:
dex2jar sampleApp.apk d2j-dex2jar.sh -f sampleApp.apk -o myOutputDir/sampleApp.jar
Use JD-GUI to view the .jar file
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With