I\'m creating an app for android and ios, and i already know that it\'s theoretically possible to decompile an android app. The app contains sensitive information that i don
You cannot prevent decompiling android apk, you can just increase the difficulty of decompilation, proguard is the best option.
[UPDATE]
**
When you build your application using Android gradle plugin version > 3.4.0, the plugin chooses R8 to optimize and obfuscate the code. The rules can now be configured on proguard-rules.pro or proguard-app.conf files. the rules to indicate what to exclude from the obfuscation are similar to the ones in proguard.cfg used earlier.
You can import your proguard files in your build.gradle like
buildTypes{ ... release{ proguardFiles getDefaultProguardFile( 'proguard-android-optimize.txt'), 'proguard-rules.pro' } }
R8 picks up all the existing proguard rules files as long as they're included in the build.gradle. You can also configure what pieces to obfuscate for different product flavors that you may have.
**
[OLD BUT RELEVANT INFO]
Proguard is a tool that will help you obfusate your code. This comes as part of your android tools and you just need to activate it. This link and this will help further.
Proguard's default configuration (in proguard.cfg) will be enough to sufficiently obfuscate your code. However you might want to tweak your proguard configuration when you have methods/classes that are being dynamically accessed.
For instance, accessing classes/methods with Reflection will need you to have the code to be intact. You might sometimes experience ClassNotFoundException if proguard obfuscates it.
If you have classes that are being accessed in the AndroidManifest/ Layout Files, you should prevent proguard from obfuscating them.
This can be done by adding
-keep public class <MyPackage.MyClass>
to your proguard.cfg.
**
While Proguard makes static analysis harder, DexGuard protects from both static and dynamic analysis. DexGuard is specifially for android applications and is only commercially available while Proguard is open source and is for any java bytecode obfuscation / optimization.
DexGuard provides even better security then ProGuard but it is NOT free: https://www.saikoa.com/dexguard
DexGuard can even obfuscate String constants.