How Android prevents code from being deserialized

As an Android app developer, you have to face an awkward situation where your hard-to-develop apps can be easily recompiled by others.

Google seems to have found the problem, starting with SDK2.3 we can see a Proguard folder under Android-sdk-windows\tools\

Proguard is a Java code obfuscation tool, through proguard, even if the other people decompile your APK package, you will only see some difficult to understand the code, so as to achieve the role of protection Code.

In the project "Default.properties" add such a sentence "Proguard.config=proguard.cfg"
After packing the signed. APK is confusing, in fact, we just have to do a step on the "default.properties" to add such a word "proguard.config=proguard.cfg" on it.

If you want to confuse the code more complex, you can configure the file in detail.




because APK is loaded by Android virtual machine, it has certain specifications, encryption APK after Dalvik cannot recognize apk. It's impossible to avoid it altogether, and someone will always be able to hack your code. But there are several
ways to improve the difficulty of being recompiled with a replacement code:

1 Key code uses JNI to invoke local code, written in C or C + +, so it is relatively difficult to decompile

2 confusing Java code. Obfuscation is the case of not changing the code logic, adding useless code, or renaming, so that the post-compilationSource Codedifficult to read.

Online Open source Java code obfuscation tools are more, usually in Ant's Way to compile

Android Obfuscation file proguard.cfg detailed:

-injars Androidtest.jar "jar Package Address"
-outjars out "Output address"

The jar of the library referenced by-libraryjars ' D:\android-sdk-windows\platforms\android-9\android.jar ', used to parse the jar class specified by Injars "

-optimizationpasses 5
-dontusemixedcaseclassnames "does not produce a variety of class names when confused"
-dontskipnonpubliclibraryclasses "Specifies that non-public library classes are not ignored. 】
-dontpreverify "No pre-check"

-verbose
-optimizations!code/simplification/arithmetic,!field/*,!class/merging/* "Optimization"

-keep public class * Extends Android.app.Activity "No confusion remains as is"
-keep public class * extends and ROID.APP.APPLICATION
-keep public class * extends ANDROID.APP.SERVICE
-keep public class * extends Android.content.BroadcastReceiver
-keep public class * extends ANDROID.CONTENT.CONTENTPROVIDER
-keep public class * extends ANDROID.APP.BACKUP.BACKUPAGENTHELPER
-keep public class * extends ANDROID.PREFERENCE.PREFERENCE
-keep public class Com.android.vending.licensing.ILicensingService

-keep Public abstract Interface COM.ASQW.ANDROID.LISTENER{
public protected <methods >;   "All methods do not confuse"
}
-keep public Class COM.ASQW.ANDROID{
public void Start (java.lang.String); "Do not confuse this method"
}

-keepclasseswithmembernames class * {"protects the name of a member of a specified class and class if all the specified class members are present (after the compression step)"

Native <methods>;
}

-keepclasseswithmembers class * {"Protects the members of the specified class and class, but the condition is that all specified classes and class members are to be present." 】
Public <init> (Android.content.Context, Android.util.AttributeSet);
}

-keepclasseswithmembers class * {
Public <init> (Android.content.Context, Android.util.AttributeSet, int.);
}

-keepclassmembers class * extends Android.app.Activity {"Protects members of a specified class if this class is protected they will be better protected"
public void * (Android.view.View);
}

-keepclassmembers enum * {
public static **[] values ();
public static * * VALUEOF (java.lang.String);
}

-keep class * Implements Android.os.Parcelable {"Protection of members of specified class files and classes"
public static final Android.os.parcelable$creator *;
}

How Android prevents code from being deserialized