我创建了Android和iOS的应用程序,我已经知道,这是理论上可以反编译Android应用程序。该应用程序包含我不希望用户能够访问同一个Web服务器应用程序接口的敏感信息。如果用户获取了一些信息提供源$ C $ C,它们可能潜在的垃圾邮件我的Web服务器的请求。
I'm creating an app for android and ios, and i already know that it's theoretically possible to decompile an android app. The app contains sensitive information that i don't want users to have access to as the app interfaces with a webserver. If a user gained access to some information available in the source code, they could potentially spam my web server with requests.
有没有什么办法来验证应用程序和服务器之间的连接,假设源$ C $ c是可访问的,或者是有什么办法来混淆我的code至prevent来自恶意用户垃圾邮件我的网络服务器。
Is there any way to authenticate a connection between the app and the server, assuming that the source code is accessible, or is there any way to obfuscate my code to prevent a malicious user from spamming my webserver.
Thankss
推荐答案
Proguard的是一种工具,将帮助你obfusate您的code。这都为你的android工具的一部分,你只需要激活它。 This链接和这将进一步帮助。
Proguard is a tool that will help you obfusate your code. This comes as part of your android tools and you just need to activate it. This link and this will help further.
Proguard的默认配置(proguard.cfg)将足以充分混淆你的code。然而,你可能要调整你的ProGuard的配置,当你有正在动态访问方法/类。
Proguard's default configuration (in proguard.cfg) will be enough to sufficiently obfuscate your code. However you might want to tweak your proguard configuration when you have methods/classes that are being dynamically accessed.
例如,访问类/与反射方法需要你有code是完整的。您有时可能会遇到ClassNotFoundException的,如果ProGuard的混淆了。
For instance, accessing classes/methods with Reflection will need you to have the code to be intact. You might sometimes experience ClassNotFoundException if proguard obfuscates it.
如果您有在AndroidManifest /布局文件被访问类,你应该prevent ProGuard的混淆,从他们。
If you have classes that are being accessed in the AndroidManifest/ Layout Files, you should prevent proguard from obfuscating them.
这可以通过添加完成
-keep public class <MyPackage.MyClass>
您proguard.cfg。
to your proguard.cfg.
相关推荐
最新文章