Android Studio Java decompiler
This questions is too broad. So I will split the questions and answers:
How good are Java decompilers nowadays?
Very good. You are likely to get readable classes back.
Are there protection mechanisms to prevent decompilation?
Yes, things like code obfuscators, or even other alternatives
Any security concerns to have in mind?
All security concerns are best kept in mind, depending on your application.
Against decompilers?
Not really, your code should be readable and still dont pose a threat to the system or its users. The best concept here would be the "white box" concept, in wich your code does not need to be hidden.
If you are handling something that should not be know, try executing it in a controlled enviromment, such as a controlled webservice.
André Fratelli
Updated on June 29, 2022Comments
-
André Fratelli almost 2 years
I recently found out about Android Studio's decompiler and a few questions arose as I'm currently involved in an Android project. I just tried it and it generated near perfect code, surprisingly.
How good are Java decompilers nowadays? Are there protection mechanisms to prevent decompilation? Any security concerns to have in mind?
Best.
-
Andrew Rukin over 8 yearsAndroid decompilers have made huge progress recently. Just take a look at open-source apk decompiler called Jadx: sourceforge.net/projects/jadx/files. It hase also online version here: javadecompilers.com/apk
-
NoWar almost 7 yearsThere is a good one here javadecompilers.com
-
-
André Fratelli almost 9 yearsCould you expand on that white box concept?
-
Antimony almost 9 years@AndréFratelli If your security relies on people not being able to understand the code of your app, then you have no security.
-
Bonatti almost 9 years@AndréFratelli Basically what Antimony said. This means that if the security of your process is based on user being un-aware of what is being performed, then the security is heavily flawed (on average)... usually a good security system is a "white box" when several developer can see what is being done, and can contribute to its code.. you might want to read this
-
André Fratelli almost 9 yearsWell, I didn't mean that kind of security, I mean on how to protect the source. I haven't used a decompiler for many years and recently I saw what Android's decompiler did to a Java .jar file and I was surprise, I have to admit my ignorance there. The decompilation was perfect. As I'm currently working on a close-source project I find it disturbing that it has become so easy to get the source. I know that reverse-engineering has been done since well, ever, but it seems that Java is especially sensitive to it, I guess.