How to secure an APK file to protect it from decompilation

Question

I have an Android project, and I want to protect the APK file because I found it very easy to decompile. With a little research, I found ProGuard, but I don't know how to use it to protect my app.

Answer 1

Technically you don't protect the file against decompilation but you simply make it harder to understand your decompiled code/logic

1. the first tool you can use to immediately increase the difficulty in reading the decompiled code is ProGuard, which you can activate directly in Android Studio
   
2. ProGuard provides obfuscation for free and is super nice but not necessarily enough to guarantee the right level of security. Check this link to understand the practical difference in the code readability of the sample code [original code, code after proguard only and code after professional tool]
   
3. some other good tips are described here. In particular if the level of security required is very tight [fintech, healthcare, etc.] I strongly suggest you to consider paid solutions like DexGuard, Quixxi, Arxan just to say a few. The advantage with them is that they can automate most of the best practices, leaving you only with the duty to take care about functionalities [i.e. without thinking about security practices]. Which means faster and safer delivery

Answer 2

• I use quixxi, it is much simpler and more efficient than Proguard.
• You can also try whitecryption, have no experience with it though.

Answer 3

how about trying ProGuard yourself? a really good explanation could be found over here: http://proguard.sourceforge.net/index.html#manual/index.html