Conclusion

We’ve seen how easy it is to remove an APK from a phone. We’ve made several attempts at making the code harder to decompile by using increasingly strong obfuscation. We’ve seen how someone can manipulate your APK by disassembling it, editing the Smali, and reassembling it to change its behavior. However, none of these measures completely protects the code. They raise the bar, quite high in some cases, but they all carry the risk that determined hackers with some time on their hands can debug your app and get at your code.

But what if you put it elsewhere? It’s perfectly acceptable—with one caveat—to keep your most important code on a backend server. We will look at this in more detail in Chapter ...
