How to protect Android app against theft and modification of app itself?

Question

There\'s a good report here of a recent scam perpetrated through the Android market.

http://www.theregister.co.uk/2011/12/12/android_market_malware/

Someone

Answer 1

Not the be-all-to-end-all but there is ProGuard:

The ProGuard tool shrinks, optimizes, and obfuscates your code by removing unused code and renaming classes, fields, and methods with semantically obscure names. The result is a smaller sized .apk file that is more difficult to reverse engineer. Because ProGuard makes your application harder to reverse engineer.

Answer 2

This kind of black hat practice are impossible to avoid. Whatever you find, a lucky, ingenious, patient hacker will undo it.

You can nevertheless hope to work hard enough to make it harder for most hackers to easily break your protections. That's what people often call IT security btw :)

Fields to investigate are :

• obfscation
• CRCs and MD5 as you mentionned it
• secure networked verification
• a second app to check the first
• a custom checking class loader (can you do that on android ?)

Answer 3

If you are willing to spend some money then go for some professional help such as Arxan. We have used this in our enterprise level app. Basically it recompiles the .apk with its own encryption and creates a new apk which will enable you to know whether tampering was done with apk and other such instances. You may refer to this url : https://www.arxan.com/ for more details and do your research accordingly.