拥有.apk可以提取其源代码。安卓应用程序是否安全？[英] Having .apk can extract its source code. Does Android app is secure?

问题描述

I develop Android app and some of the codes are very private and confidential. I make encryption algorithm into my code to increase the safety.

But recently I read, when people having an .apk file, they can extract the java source code with 100% correct Source.

Not just that, people also can get .apk from Google Play Store Source

Does it means people who has my .apk can view all my source code(java, .xml layout, library)? If yes, all my hard work to have a secure app is not achieved.

推荐答案

Yes,hopefully There is a way of preventing other from getting your hard labor projects full source code . Enable ProGuard for your android application. ant will call ProGuard to obfuscate your code. Your code will be than shrinked as much as possible.Many functions and variables name will be replaced with shrinked form that nobody can decode or understand at all :)

More details are here: https://developer.android.com/studio/build/shrink-code.html

Note that enabling ProGuard takes build time much more than normal build time.So better to do it before release of your app.

其他推荐答案

The process is called Android Reverse Engeneering. As @ash12 said , you can use ProGuard to obfuscate your source code. But then it will be a serious security-compromise if u store your app credentials like api tokens ,passwords etc.. in the source.

Also You could take a look at DexGuard , which is the commercial variant of ProGuard. It allows you to also encrypt the layout files and obfuscate the content of the manifest and other resource files (together with many other things).