Deepak Dimri February 2016

Why we are able to view source code of java from jar or apk file

We know that we are able to view the source code of Android apk file or .jar file using some tools available for free. how to extract code of apk file

With this thing few question comes to my mind.

  1. Is this a security flaw that our app code is open to all even after compiling and building the source code using some tools ?

  2. Does every thing is java world like that like we can view html css jscript codes for a website for free.Should i compare it with that.

  3. Just like .jar file can we view code from .exe, .command or other files formats which i think are not human-readable.

  4. How to prevent my code from viewing inside an apk or jar file.Because i don't want my pain app code should behave as a open source.

I was surprised when i was able to get android project back from .apk file.

  1. Suppose my company has spend billion dollar in making app from some firm. And decided to make propitiatory not under any open source license. Also we want to protect if from the other companies which might copy my app code to create their own.

  2. Is legal is the only things that can prevent code copying.

  3. Suppose my company is creating a hotel booking app and spend thousands dollar on it some other hotel requires same ,they decompile my app and change some strings and basics things. So in that way they enjoy every thing for free.How to prevvent that situation.

  4. I want to protect various things like GoogleAnalyticsID, GooglgeAdsense,GoogleAdword and other premium third party API string to be prevented how do i do that.

Answers


Doug Stevenson February 2016

  1. There is no security flaw. It is well known that someone can take compiled code for any software platform and reverse engineer it into source code that could compile back into code that executes similarly.

  2. You can not reconstitute the exact original source code from compiled code. For example, compiled code will not have the comments that were in the original source code. It will probably not have the original names of local and parameter variables as well.

  3. Yes, this is like I said in #1.

  4. You cannot stop someone from reverse engineering your software products. You can only make it harder for someone to do so. For example, the Android toolchain provides the ability to run all compiled code through the ProGuard obfuscation tool, which is do as much as it can to strip out unnecessary details and change the names of classes and methods that can be modified without changing the functionality of the code.

Post Status

Asked in February 2016
Viewed 2,696 times
Voted 11
Answered 1 times

Search




Leave an answer