As it is, your compiled application contains the key strings, but also the constant names APP_KEY and APP_SECRET. Extracting keys from such self-documenting code is trivial, for instance with the standard Android tool dx. You can apply ProGuard. It will leave the key strings untouched, but it will remove the constant names. It will also … Read more
You can’t. There are steps you can take to make it a little more difficult, but ultimately any executable on the local machine is crackable. Eventually, that code has to be converted into native machine code and every application that is runnable is vulnerable. What you want to do is just make it difficult enough … Read more
It’s easy Get these tools: dex2jar to translate dex files to jar files jd-gui to view the java files in the jar The source code is quite readable as dex2jar makes some optimizations. Procedure: And here’s the procedure on how to decompile: Step 1: Convert classes.dex in test_apk-debug.apk to test_apk-debug_dex2jar.jar d2j-dex2jar.sh -f -o output_jar.jar apk_to_decompile.apk … Read more
1. How can I completely avoid reverse engineering of an Android APK? Is this possible? AFAIK, there is not any trick for complete avoidance of reverse engineering. And also very well said by @inazaruk: Whatever you do to your code, a potential attacker is able to change it in any way she or he finds … Read more