On Thu, May 10, 2012 at 1:18 PM, ColorTheorist <colortheorydevelo...@gmail.com> wrote: > I'll try and follow what you have mentioned with a quick example. > > If I have a function that I would like to share such as > 'makeChanges(byte[])', the first thing I would do would be to write/ > import the code for the method. Then once the code is written I would > convert it to a dex file. You mention that the dex file is encrypted > and that I could unencrypt it within the 'makeChanges(byt[])' function > with DexClassLoader. If this is the case however, then does it really > stop the person from then just reverse-engineering the decryption part > of the program and gaining access once more to the information that is > encrypted on disk? >
In general I think this is lost cause.. Sure, you can use obfuscation and make it harder to reverse engineer, but there's nothing stopping someone from hacking their device, grabbing the library in memory, etc... You can get security through obscurity, but in general why are you worried about your library that much? If you have some truly private API, you could always try creating an interface to it, and then farm out the "super secret" parts out to a web service, but if you hand them the code (in any form, binary, bytecode, or otherwise), it's always possible to reverse engineer it to some extent. And you mentioned in a previous post that the Android library was obfuscated. Why do you believe this? Android is open source, you can find the sources to android-x.jar easily online. kris -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to android-security-discuss@googlegroups.com. To unsubscribe from this group, send email to android-security-discuss+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
