问题:
I am developing a payment processing app for Android, and I want to prevent a hacker from accessing any resources, assets or source code from the APK file. 我正在开发适用于Android的付款处理应用程序 ,并且我想防止黑客访问APK文件中的任何资源,资产或源代码。
If someone changes the .apk extension to .zip then they can unzip it and easily access all the app's resources and assets, and using dex2jar and a Java decompiler, they can also access the source code. 如果有人将.apk扩展名更改为.zip,那么他们可以将其解压缩并轻松访问应用程序的所有资源和资产,并且使用dex2jar和Java反编译器,他们还可以访问源代码。 It's very easy to reverse engineer an Android APK file - for more details see Stack Overflow question Reverse engineering from an APK file to a project . 对Android APK文件进行反向工程非常容易-有关更多详细信息,请参见Stack Overflow问题: 从APK文件反向工程到项目 。
I have used the Proguard tool provided with the Android SDK. 我已经使用了Android SDK随附的Proguard工具。 When I reverse engineer an APK file generated using a signed keystore and Proguard, I get obfuscated code. 当我反向工程使用签名的密钥库和Proguard生成的APK文件时,我得到的代码很混乱。
However, the names of Android components remain unchanged and some code, like key-values used in the app, remains unchanged. 但是,Android组件的名称保持不变,某些代码(如应用中使用的键值)保持不变。 As per Proguard documentation the tool can't obfuscate components mentioned in the Manifest file. 根据Proguard文档,该工具不能混淆清单文件中提到的组件。
Now my questions are: 现在我的问题是:
- How can I completely prevent reverse engineering of an Android APK? 如何完全防止 Android APK的反向工程? Is this possible? 这可能吗?
- How can I protect all the app's resources, assets and source code so that hackers can't hack the APK file in any way? 如何保护应用程序的所有资源,资产和源代码,以使黑客无法以任何方式对APK文件进行黑客攻击?
- Is there a way to make hacking more tough or even impossible? 有没有办法使黑客攻击变得更加艰难甚至不可能? What more can I do to protect the source code in my APK file? 我还能做些什么来保护APK文件中的源代码?
解决方案:
参考一: https://stackoom.com/question/w8AT/如何避免APK文件的反向工程参考二: https://oldbug.net/q/w8AT/How-to-avoid-reverse-engineering-of-an-APK-file
来源:oschina
链接:https://my.oschina.net/u/4432649/blog/4332993