Solace

Reputation: 9020

Does the ability to decompress .apk files imply that anyone can find the source code of all proprietary applications in the playstore?

I just stumbled upon this question. According to the answers, it is easily possible to see the source code of any proprietary application from the playstore (using their .apk file).

So how do companies for whom it is important to secure their source code, prevent hackers from getting their hands on the source code of the applications?

Upvotes: 2

Views: 258

Answers (2)

Andrew Rukin

Reputation: 933

it is easily possible to see the source code of any proprietary application? YES!

Even worse: it is very easy to CHANGE the code. See apktool: http://ibotpeaches.github.io/Apktool/

Upvotes: 1

Bryan Herbst

Reputation: 67209

Yes, you can decompile any APK that you can get your hands on, including any app on your device.

So how do companies for whom it is important to secure their source code, prevent hackers from getting their hands on the source code of the applications?

One level of protection is obfuscation, which obscures your class, method, and variable names with semantically obscure names. For example superSecretVariable might just become a. In Android, you can easily enable obfuscation using ProGuard.

Of course, obfuscation isn't all that secure. It makes your code much more difficult to read, but a determined person can still figure out what is going on. Constants (such as a String containing an API key) will also still be visible, just with an odd variable name.

For code that requires the highest level of security, the solution is to simply not include it in your app at all. If your company has a proprietary algorithm for example, that algorithm could run on a server controlled by your company. The app will send the necessary inputs, and the server will send back the output.

Upvotes: 3
