
How to Protect an Android Application? Security Recommendations

Nowadays, security is one of the most important questions on the global network. A huge amount of data hits the internet every day, and every user by default wants to protect it. Applications and their creators are no exception. For this reason, we asked our dedicated developer about the main dangers and the ways to defend applications.

In our fast-moving world, new Android mobile applications emerge every minute, privacy is lacking, and information is open on every social platform, all of which creates a vast landscape for hackers around the world. Surprisingly, many of those Android applications still forget about security at the start. It seems the only developers who actually think about it are those building financial and payment apps.

As a result, we have the following situation: when the project is done, it is uploaded to the Play Store. A hacker simply downloads the APK file (APK is the package file format used by the Android OS) from the Play Store (e.g. via https://apkpure.com/ or some other tool). After that, he can decompile this APK (http://www.javadecompilers.com/apk is just one of the simplest ways) and, hooray, the hacker can see the project's whole codebase. Even API endpoints (the application uses HTTP requests to get information from the server) can be revealed.

The steps above are a simple guide to becoming a hacker. As you can see, it doesn't require a huge skill set. Any person who has access to a computer (which is most of the planet's population) can do that.

Ways to Secure the Android Application Package

So how can we stop that from happening? Here is a list of the most common ways to secure an APK:

  • Source code and resources/assets obfuscation. The sources are fully unreadable after the APK is decompiled, so it's impossible to do reverse engineering.
  • Integrity control. APK certificate (https://developer.android.com/studio/publish/app-signing) checks and APK content checks. Hackers can't insert malicious code inside the APK file.
  • SSL pinning. The application will only accept a single SSL certificate (SSL is a security technology for establishing an encrypted link between server and application), which is pre-defined inside the application.
  • Environment checks (root detection etc.).
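For the integrity-control item in the list above, here is one way to check the APK signing certificate at runtime. It is an added example, not code from the original article; the class name `SigningCertCheck` and the `expectedCertSha256` parameter are hypothetical, and the expected value is assumed to be the SHA-256 digest of your own release signing certificate.

```java
import android.content.Context;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import android.os.Build;

import java.security.MessageDigest;

/** Added example: verifies that the installed APK is signed with the expected key. */
public final class SigningCertCheck {

    /**
     * @param expectedCertSha256 SHA-256 of the release signing certificate (assumption:
     *                           supplied by the caller, e.g. from a build-time constant)
     * @return true only if every signer of this APK matches the expected certificate
     */
    public static boolean isSignedWith(Context ctx, byte[] expectedCertSha256) {
        try {
            Signature[] signers = currentSigners(ctx);
            if (signers == null || signers.length == 0) {
                return false;
            }
            MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
            for (Signature signer : signers) {
                // Signature.toByteArray() returns the DER-encoded certificate.
                byte[] actual = sha256.digest(signer.toByteArray());
                // One unexpected certificate is enough to fail the check.
                if (!MessageDigest.isEqual(actual, expectedCertSha256)) {
                    return false;
                }
            }
            return true;
        } catch (Exception e) {
            return false; // fail closed on any lookup or digest error
        }
    }

    @SuppressWarnings("deprecation")
    private static Signature[] currentSigners(Context ctx)
            throws PackageManager.NameNotFoundException {
        PackageManager pm = ctx.getPackageManager();
        String pkg = ctx.getPackageName();
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
            PackageInfo info = pm.getPackageInfo(pkg, PackageManager.GET_SIGNING_CERTIFICATES);
            return info.signingInfo == null ? null : info.signingInfo.getApkContentsSigners();
        }
        // Before API 28 only the deprecated GET_SIGNATURES flag is available.
        return pm.getPackageInfo(pkg, PackageManager.GET_SIGNATURES).signatures;
    }
}
```

Because this check ships inside the APK it protects, a repackaged build can have it patched out; it is most useful together with obfuscation and with a server that refuses clients failing the check.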

A few words about root detection. If you allow your application to be installed on a rooted device, don't forget to secure all locally stored data (especially if it contains users' sensitive data), but it would be better not to store such data locally.
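For the SSL pinning item in the list above, the following sketch shows the check itself using only standard `HttpsURLConnection` calls. It is an added example, not code from the original article; the class name `PinnedConnection` is hypothetical, and it goes slightly beyond the single pre-defined certificate described above by pinning the SHA-256 of the server's public key and accepting a set of pins, so a backup key can be rotated in.

```java
import android.util.Base64;

import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.util.Set;

import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLPeerUnverifiedException;

/** Added example: HTTPS request that is only sent if the server key matches a pin. */
public final class PinnedConnection {

    /**
     * @param pins base64 SHA-256 digests of the allowed server public keys
     *             (assumption: current key plus at least one backup key)
     */
    public static InputStream open(URL url, Set<String> pins) throws IOException {
        if (!"https".equals(url.getProtocol())) {
            throw new IOException("Pinned connections require https: " + url);
        }
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.connect(); // TLS handshake and the normal chain validation happen here
        try {
            // Index 0 is the server's own (leaf) certificate.
            Certificate leaf = conn.getServerCertificates()[0];
            if (!pins.contains(spkiPin(leaf))) {
                throw new SSLPeerUnverifiedException(
                        "Certificate pin mismatch for " + url.getHost());
            }
            return conn.getInputStream(); // the request is sent only after the pin check
        } catch (IOException | RuntimeException e) {
            conn.disconnect();
            throw e;
        }
    }

    /** Base64 SHA-256 of the certificate's DER-encoded SubjectPublicKeyInfo. */
    static String spkiPin(Certificate cert) {
        try {
            byte[] spki = cert.getPublicKey().getEncoded();
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(spki);
            return Base64.encodeToString(digest, Base64.NO_WRAP);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }
}
```

On Android 7.0 and later the same policy can be declared without code in the Network Security Configuration file using a `<pin-set>` element.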

And here is an example of code obfuscation.

[Image: folders of the Android APK]

[Image: files of the Android APK]

Without securing the Android application, anybody can see something like this after decompiling the APK. All third-party libraries, configs and source code are visible there. All this information compromises the application.

public final class App extends MultiDexApplication implements HasActivityInjector, HasServiceInjector, HasBroadcastReceiverInjector {
   public static final Companion Companion = new Companion();
   private static App instance;
   @Inject
   @NotNull
   public DispatchingAndroidInjector<Activity> dispatchingActivityInjector;
   @Inject
   @NotNull
   public DispatchingAndroidInjector<BroadcastReceiver> dispatchingReceiversInjector;
   @Inject
   @NotNull
   public DispatchingAndroidInjector<Service> dispatchingServiceInjector;

Now let’s use one of the obfuscation tools (in this case, DexProtector). After decompiling, we see only files with code, and inside them code that cannot be understood, like the following.

public class ProtectedApp extends Application {
   /* renamed from: h */
   private static Object f0h;
   private static byte[] wvgjH = new byte[]{(byte) 14, (byte) -99, (byte) 30, (byte) -21, (byte) -79 ...
   private static volatile transient Object[] iv;
   public static boolean yz;

   public ProtectedApp() {
       f0h = this;
   }
   private void Dlxgrphex(File file) {
       String engineWrap;
       String engineWrap2;
       switch (Hkg()) {
           case 1:
engineWrap = engineWrap("䎫ぐﰚ樒組澼嬈촳೵〤?");
               engineWrap2 = engineWrap("ᾍ끡᭧￳૤ᘲ㰂樃霽磾┓");
               break;
           case 2:
               engineWrap = engineWrap("‑黯鄟묬郼潹㼝瞧ꍍⴰ");
               engineWrap2 = engineWrap("ᾍ끡᭧￳૤ᘱ㰇橛霽磰╉욀몇");
               break;
           case 3:
               engineWrap = engineWrap("尫ȡꩨݸ눱゚ᩧ嬟뱔");
               engineWrap2 = engineWrap("ᾍ끡᭧￳૤ᘱ㰇橔霽磰╉욀몇");
               break;
           case 4:
               engineWrap = engineWrap("˽?쳃㩎蝀ﺴ퉰≄䬴?策ի");
                engineWrap2 = engineWrap("ᾍ끡᭧￳૤ᘱ㰇橛霽磰╉욀몇");
               break;
           case 5:
               engineWrap = engineWrap("㊽㚶쿀軳䢑鄂趃퉥䢙䊣䷊");
               engineWrap2 = engineWrap("ᾍ끡᭧↑મᙃ㱇橘霽磰╉욀몇");
               break;
           default:
               throw new IllegalArgumentException();
       }
       InputStream open = getAssets().open(engineWrap2);
       OutputStream inflaterOutputStream;
       try {
           inflaterOutputStream = new InflaterOutputStream(new FileOutputStream(file));
           jvhjscGDD(engineWrap, open, inflaterOutputStream);
           inflaterOutputStream.close();
           open.close();
       } catch (Throwable th) {
           open.close();
       }
   }
   private int Hkg() {
       String str = Build.CPU_ABI;
       String str2 = SystemProperties.get(engineWrap("發䗃秐쓳睅봳䊰媟鵱䪱ༀו곌螺벝쏲"), "");
       String str3 = engineWrap("登䗂禕쓭睘봫䊺").equals(str2) ? str : str2;
       if (str3.startsWith(engineWrap("癯䗞禓쓦睖봾䊽媊鴲"))) {
           return 2;
       }
       if (str3.startsWith(engineWrap("癯䗞禓쒵眃뵱䊢媝"))) {
           return str3.equals(str) ? 3 : 2;
       } else {
           if (str3.startsWith(engineWrap("癯䗞禓쓦睖봾䊽"))) {
               return 1;
           }
           if (str3.startsWith(engineWrap("癶䖔秈쓜省뵨"))) {
               return (str3.equals(str) || str.startsWith(engineWrap("癯䗞禓쒵眃뵱䊢媝"))) ? 5 : 4;
           } else {
               if (str3.startsWith(engineWrap("癶䖔秈"))) {
                   return 4;
               }
               throw new IllegalArgumentException(engineWrap("癍䗼禫쒹眗") + str2 + engineWrap("瘢䖌禓쓬睓봹䋮") + str);
           }
       }
   }
   private void cv() {
       File file = new File(getDir(engineWrap("⎽稩鈑辠訟"), 0), engineWrap("⎾稿鈑辠訟䥭ᆗ褂刔蘍ᑪ濃㥔◖藼៚䢙柔t둇魀ܡ") + Process.myPid() + engineWrap("⏼稲"));
       try {
           Dlxgrphex(file);
           System.load(file.getAbsolutePath());
       } finally {
           file.delete();
       }
   }
...

Besides, it’s very easy to access another application’s data on Android OS. If you are completely new to the topic of security, you can take a look at a go-to guide with some really useful tips here: https://developer.android.com

Tools for Android Application Security

If you want to protect your Android application, we have prepared a few tools with a quick overview that can help you with this task:

  • ProGuard (built-in) – an open-source command-line tool that does very simple code obfuscation;
  • DexProtector, DexGuard, etc. – paid tools with lots of functionality, including the security measures mentioned above.

In conclusion, we would like to say that project security should not rest only on the mobile developer’s shoulders. The whole team should be involved! P.S. Don’t forget to add a check of the application’s protection to the QA checklist (at least decompile the APK).

Let all of your applications be secure!

Mobilunity - Dedicated Developers