Research on anti-decompile and anti-compilation solution for Android code obfuscation

Do Android developers know to do confusion to anti-APK is anti-compilation, crack, through the Proguard Java code confusion. But can Android code obfuscation really play a real role? Look at the following analysis

1, Android code confusion

For example, after confusing the Android code, the obfuscation will encrypt the names of all the variables, functions, and classes in the code into short alphanumeric codes, adding to the difficulty of reading the code when the app is cracked.

But the effect of confusion can only work after the app has been cracked, and only to increase the difficulty of the cracker time, the role of its prevention is not very significant.

So, the Android code confusion can not be fundamentally anti-cracking, what is the method? Next look:

2, anti-tool to crack the pseudo-encryption

Pseudo-Encryption is one of the most popular encryption methods before the android4.2.x system is released, and the APK (compressed file) is pseudo-encrypted by Java code, which is modified by modifying the 5th byte after the continuous 4-bit byte labeled "P K 01 02", and the odd number means that an even number is not encrypted. The pseudo-encrypted apk not only prevents the PC from extracting and viewing it, but also prevents the compilation of the anti-compilation tool.

But pseudo-encryption to its APK encryption after the market can not be security detection, some markets will reject this type of apk upload market. The encryption and decryption methods of pseudo-encryption have long been published, resulting in a much lower level of security. The android4.2.x system cannot install a pseudo-encrypted apk.

From the above can be seen, the Android code obfuscation is not as good as pseudo-encryption. But Android code obfuscation, pseudo-encryption is not the most reliable method. Keep looking.

3, anti-tool hack apk zip file hack

APK on the PC can be seen as a compressed file, in the Android system it is a mobile phone system software files. Android apk recognition is from the logo head to the end of the flag, and other redundant data will be ignored. So say at the end of the logo to add additional data to the APK as a compressed file on the PC side of the file is destroyed, so you want to unzip it or view will prompt the file is corrupted, with the anti-compilation tool will also prompt the file is corrupted, However, it does not affect the normal operation and installation of the Android system and is compatible with all systems.

But this apk compression package destroys the same problem as the APK pseudo-encryption, the individual market will not be able to identify the market can not be uploaded. Using the zip file Repair tool can also fix it so that the protection we do is gone.

Three analysis, Android code obfuscation, pseudo-encryption, compressed file cracking and so on can not fundamentally solve the Android code obfuscation anti-compilation, cracking problems. So, let's go on.

4. Using third-party platform encryption

Google's security for Android app is to give apk simple encryption, Java Layer Source shell protection, the core so library , resource files , master Files , third-party jar package without any protection processing. The protection has been compromised by hackers but has not done any upgrade to maintain the Android app now without any security.

Take the mobile application security industry's third-party platform-"Love Encryption", on the basis of the confusion of Android code, with the source shell protection, so library core code shell protection, resource file signature protection, APK anti-two package protection and so on to the full-aspect of the apk protection. And the encrypted app does not affect its operational efficiency and user experience at all, and compatibility is optimal.

To sum up, the Android code only to confuse is not possible, to really protect the security of Android code, or to seek more secure encryption protection technology! Table only to be confused with Android code!

Research on anti-decompile and anti-compilation solution for Android code obfuscation