I'll try and follow what you have mentioned with a quick example. If I have a function that I would like to share such as 'makeChanges(byte[])', the first thing I would do would be to write/ import the code for the method. Then once the code is written I would convert it to a dex file. You mention that the dex file is encrypted and that I could unencrypt it within the 'makeChanges(byt[])' function with DexClassLoader. If this is the case however, then does it really stop the person from then just reverse-engineering the decryption part of the program and gaining access once more to the information that is encrypted on disk?
On May 10, 8:47 am, Earlence <earlencefe...@gmail.com> wrote: > Obfuscation will help to an extent. > > what I can think of this something like this: > > Create your library in 2 parts. > > 1. an Executor - this will bridge calls to a JAR > 2. the libary itself. downloadable from a URL. > > The code is loaded via DexClassLoader, but whenever the file is on > disk, the bytecode is encrypted. > Have a wrapper around DexClassLoader that will decrypt the bytecode on > the fly in memory and then loaded. > > -Earlence > > On May 9, 10:08 pm, ColorTheorist <colortheorydevelo...@gmail.com> > wrote: > > > > > If we are working with a development team on an Android application > > and we would like to design an API for another company to use that > > library to enhance their capabilities, I don’t see too many options > > for keeping our ‘secret’ code components to ourselves. Can we even > > obfuscate the code that we are giving them? After all, they > > essentially get the jar file that they can include in their project. > > From what I can find from resources online, it almost sounds as though > > the source code cannot be kept from a user who wants to easily > > decompile it. Aren’t the Google API libraries kept secret somehow > > from users? Can’t we use those same principles to secure our own? -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to android-security-discuss@googlegroups.com. To unsubscribe from this group, send email to android-security-discuss+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
