How we can debug a signed apk without having source code?

Question

I want to ask if there is a possibility to debug a release apk without having source code and how we can prevent user to do this action ?

I thought that I can\'t debug a

Answer 1

You can debug APKs without having source code, using Android Studio 3.0 and higher

• First make sure to Enable Debugging

• To start debugging an APK, click Profile or debug APK from the Android Studio Welcome screen. Or, if you already have a project open, click File > Profile or Debug APK from the menu bar. In the next dialog window, select the APK you want to import into Android Studio and click OK.

Some prevention tricks against debugging:

1. Checking the Debuggable Flag in ApplicationInfo

The android:debuggable flag in the Android Manifest determines whether the JDWP thread is started for the app. Its value can be determined programmatically, via the app's ApplicationInfo object. If the flag is set, the manifest has been tampered with and allows debugging.

public static boolean isDebuggable(Context context){
    return ((context.getApplicationContext().getApplicationInfo().flags & ApplicationInfo.FLAG_DEBUGGABLE) != 0);
}

2. isDebuggerConnected

The Android Debug system class offers a static method to determine whether a debugger is connected. The method returns a boolean value.

public static boolean detectDebugger() {
    return Debug.isDebuggerConnected();
}

The same API can be called via native code by accessing the DvmGlobals global structure.

JNIEXPORT jboolean JNICALL Java_com_test_debugging_DebuggerConnectedJNI(JNIenv * env, jobject obj) {
    if (gDvm.debuggerConnected || gDvm.debuggerActive)
        return JNI_TRUE;
    return JNI_FALSE;
}

3. APK Signatures check

If APK is resigned, its signature would have changed. Check that against your original APK signature.