禁用从已安装的Android应用程序获取APK文件
[英]Disable taking apk file from an installed android application
问题描述
Usually it is possible to take .apk file of an android application even after it is installed in a device. 
通常,即使将Android应用程序安装在设备中,也可以获取.apk文件。 But I could find some applications, which are protected from taking their .apk files. 但是我可以找到一些应用程序,这些应用程序可以防止使用.apk文件。
As it is also possible to extract code from the .apk file, I think the developers code is not safe. 由于也可以从.apk文件中提取代码,因此我认为开发人员代码并不安全。 Can anybody tell me how can I prevent a third party from taking .apk file of my android application? 有人可以告诉我如何防止第三方获取我的android应用程序的.apk文件吗?
Thanks in advance.. :) 提前致谢.. :)
2 个解决方案
解决方案1
0 2013-10-08 09:38:37
As for not having the possibility to take the APK, I don't think you can really prevent it since eventually it is only a file located somewhere in the internal storage. 至于没有APK的可能性,我认为您真的无法阻止它,因为最终它只是内部存储中某个位置的文件。 As long as the user has enough permissions he can extract it. 只要用户具有足够的权限,他就可以提取它。
Protecting the code. 保护代码。 There are several levels of protection but eventually, you cannot prevent it If you do nothing, the reverse engineering of the code is pretty simple. 有几个保护级别,但是最终您无法阻止它。如果什么也不做,则对代码进行反向工程非常简单。 There are several tools to obtain some level of security. 有几种工具可以获取一定程度的安全性。 For example, ProGuard , which is a Google's tool which already built in in most Android IDEs. 例如, ProGuard ,它是大多数Android IDE中已经内置的Google工具。
An excellent SO post for code protection: How to avoid reverse engineering of an APK file? 出色的SO保护代码后: 如何避免APK文件的反向工程?
解决方案2
0 2014-05-13 06:11:00
I was investigating this issue and thought I will update here. 我正在调查此问题,并认为我将在此处进行更新。 It is recommended for security reasons that you set this in your android manifest file: 出于安全原因,建议您在android清单文件中进行设置:
android:allowBackup="false"
So, if somebody tries to do a full adb system backup or uses it to backup your app in particular, it won't come in the backup, thus preventing them to extract the apk from there. 因此,如果有人尝试进行完整的adb系统备份或使用它特别备份您的应用程序,则备份中将不会包含该备份,从而阻止他们从那里提取apk。 I tested this and it works, ie the adb backup didn't allow backup of my sample app. 我对此进行了测试,并且可以正常工作,即adb备份不允许备份我的示例应用程序。
Then I installed an app for taking app backups (ES File explorer), and unfortunately, it allowed the .apk backup to be taken for my sample app where backup was disabled. 然后,我安装了一个用于进行应用程序备份的应用程序(ES File Explorer),不幸的是,它允许对禁用了备份的示例应用程序进行.apk备份。 And this was an unrooted device. 这是一个无根的设备。 This seems to indicate that setting this property in manifest doesn't prevent other apps to take backups. 这似乎表明在清单中设置此属性不会阻止其他应用进行备份。
So there are few options left: 因此,剩下的选项很少:
- Use proguard and other best practices to make it difficult to reverse engineer your apps. 使用proguard和其他最佳实践,很难对应用进行反向工程。
- Use app licensing keys provided as a service by Google Play to avoid piracy of your app. 使用Google Play提供的作为服务的应用许可密钥,以避免盗版您的应用。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.