Reputation: 3797
Android Hacking Prevention
I am putting the final touches on my android app. The app is a full networking game, so it is always using the internet when you are running it. I want to prevent someone from extracting the .apk from the phone, decompiling the code and then changing and extending my classes to do bad things to my server. Here is how the app sets up the networking:
- Client connects to the server
- Server sends client a "session key" that is used for encryption
- Server and client communicate with encrypted data based on the key they share
Now, I'm worried someone will decompile my code and change it so that they can do whatever they want in the game. Is there a way to make sure the classes haven't been changed? Is there a way to check the size of a .class file during runtime? Anyone have any ideas?
Upvotes: 0
Views: 427
Answers (3)
Reputation: 17206
If you are doing your game entirely in Java you can use ProGuard to obfuscate the application code, thus when it is turned into Smali by a hacker, the code is very difficult for a human to read.
If you have the option of including shared libraries, you can include the needed code in C++ to verify file sizes and integration, etc.
Upvotes: 0
Reputation: 5924
As everyone says, and as you probably know, there's no 100% security. But the place to start for Android that Google has built in is ProGuard.
Upvotes: 3
Reputation: 74780
Whatever you do to your code, potential attacker is able to change it in any way she or he finds it feasible. You basically can't protect your application from being modified. And any protection you put in there can be disabled/removed.
You can do different tricks to make "hacking" harder though. For example, use obfuscation (if its Java code). This usually slows down reverse engineering significantly.
Upvotes: 4