Reputation: 6556
Obfuscate URLs in Android client application
I wrote an android client app in which I am using static URLs to "post" to my server. I decompiled the APK using APKTool and found tht I could see the URL I mentioned in the .java code in the .smali file it generated. I want to avoid having this URL shown like this. Is there any way to hide /obfuscate the URL in the java code?
This is the sample from the decompiled .smali file.
invoke-direct {v8}, Lorg/apache/http/impl/client/DefaultHttpClient;-><init>()V
.line 194
.local v8, httpclient:Lorg/apache/http/impl/client/DefaultHttpClient;
new-instance v9, Lorg/apache/http/client/methods/HttpPost;
const-string v23, "http://example.com/getdata.php"
move-object/from16 v0, v23
invoke-direct {v9, v0}, Lorg/apache/http/client/methods/HttpPost;-><init>(Ljava/lang/String;)V
Upvotes: 0
Views: 1263
Answers (1)
Reputation: 3344
The URL can be obfuscated using things like encryption, base64 encoding and whatnot, but nothing you do to affect the client application can secure your URL. A savvy programmer will always be able to identify what messages your application is sending out; If you want security, secure the server, not the client
Upvotes: 5
Related Questions
- How to hide API URL and parameters in Android APP?
- How to secure the server URLs in Android application
- android - how to hide url request
- Obfuscating android API
- How to secure url in my code android?
- android how to hide or protect from url link in source code
- Android How to hide server url for security in code?
- Protect url from decompiling
- java android URL encrypting
- Encryption String in Android