Recently at work I was asked to look into how easy it would be to get the source code of an Android APK.
I know this is nothing groundbreaking in the world of developers, but it's something that is worth highlighting yet again to all those new programmers whipping out mobile apps one after the other…
So what did I find…
A nice, easy tool is available to download: http://ibotpeaches.github.io/Apktool/
Simply save the jar file to your machine, make sure it's in your system path (Windows), and then run the following from the command prompt:
apktool d name-of-file-here.apk
This will then generate a folder with the name of the APK file and you can view all of the original source.
Ouch, how easy was that…
Well, a quick Google search shows you can even use other services that let you simply upload the APK.
Or even download more sophisticated free tools;
Holy Sh$$ – Don’t Panic!
What do I do to protect my lovely source code…
Well, I think you should follow a few basic rules:
- Make sure there is nothing super secret in your source code (hard-coded passwords).
- Don’t write comments containing important information that gives a hacker the detailed workings of your internal network.
- Native – then maybe look into a tool like ProGuard to help make it harder for your source code to be reverse engineered.
- Hybrid – then you can also use ProGuard, look at
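One way to act on the first two rules before you ship, as an added example that is not part of the original post: a Python script that walks the folder produced by `apktool d` on your own APK and flags hard-coded credentials and internal network addresses in smali string constants and string resources. The regex heuristics, function names and sample files are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Heuristics below are assumptions for this example; tune them for your own app.
SECRET_NAME = re.compile(r"(?i)passw(or)?d|secret|api[_-]?key|token")
VALUE_PATTERNS = {
    "credential assignment": re.compile(r"(?i)(passw(or)?d|secret|api[_-]?key|token)\s*[=:]\s*\S+"),
    "internal address": re.compile(r"\b(10\.\d{1,3}|192\.168|172\.(1[6-9]|2\d|3[01]))(\.\d{1,3}){2}\b"),
}
SMALI_STRING = re.compile(r'const-string(?:/jumbo)?\s+\w+,\s*"(.*)"')
XML_STRING = re.compile(r'<string\s+name="([^"]+)"[^>]*>([^<]+)</string>')

def classify(value, name=""):
    """Return why a string looks sensitive, or None."""
    if SECRET_NAME.search(name):
        return "secret-like resource name"
    return next((why for why, rx in VALUE_PATTERNS.items() if rx.search(value)), None)

def scan_decoded_apk(root):
    """Walk an `apktool d` output folder; return (file, line number, reason) findings."""
    findings = []
    files = sorted(p for p in Path(root).rglob("*") if p.is_file() and p.suffix in (".smali", ".xml"))
    for path in files:
        rx = SMALI_STRING if path.suffix == ".smali" else XML_STRING
        for no, line in enumerate(path.read_text(errors="replace").splitlines(), 1):
            m = rx.search(line)
            # groups are (value,) for smali and (name, value) for XML resources
            why = classify(*reversed(m.groups())) if m else None
            if why:
                findings.append((path.relative_to(root).as_posix(), no, why))
    return findings

SAMPLE = {  # constructed stand-in for `apktool d` output, not from a real app
    "smali/com/example/Api.smali": 'const-string v0, "password=hunter2"\nconst-string v2, "Welcome"\n'
                                   'const-string v1, "http://10.1.2.3/internal"\n',
    "res/values/strings.xml": '<resources>\n<string name="app_name">Demo</string>\n'
                              '<string name="api_key">CONSTRUCTED-KEY-123</string>\n</resources>\n',
}

def scan_sample():
    with tempfile.TemporaryDirectory() as tmp:
        for rel, text in SAMPLE.items():
            Path(tmp, rel).parent.mkdir(parents=True, exist_ok=True)
            Path(tmp, rel).write_text(text)
        return scan_decoded_apk(tmp)

if __name__ == "__main__":
    print(*scan_sample(), sep="\n")
```

To check a real build, call `scan_decoded_apk` on the folder that `apktool d` generated for your APK and review each finding before release.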
It's nice to protect your source, but any decent developer can pretty much copy it by looking at the app and understanding its features, then adding their own stamp.
And let's face it, the majority of what you want is out on the world wide web, sitting in some open source project begging you to become part of its community.
Happy reverse engineering! :).