Reverse Engineering Apps. A Primer


Reverse engineering is a pretty cool concept.  Someone builds something, you want to see how they did it, so you take it apart and see how it was put together in the first place.   It can be a great way to learn, and it pushes technological progress forward.  But there’s also a dangerous side to it.

Reverse engineering done with malicious intent can lead to copyright infringement or other damages.  There’s a fine line between what is ethical and what isn’t, and that doesn’t change in the Android world.  Reverse engineering is common here, and developers should always account for it when building apps so that they take the necessary precautions.

The term for reverse engineering an app is “decompiling”, and what you’re decompiling is an APK (Android Package Kit).  This is essentially just a .zip file that stores our app’s code.  You build an APK when you compile your code, and you use that APK to upload the app onto the Google Play Store.  This is then what users around the world download onto their devices.  And if they’re tech-savvy enough, they can open up this APK and see what’s inside.

Why Decompile?

Let’s take a second to think about a couple of reasons why we would want to decompile our APKs.  One possibility is that we’ve misplaced our source code and are hoping to recover it.  If this were the case, we could decompile our app from a phone it was already on.  Note that this has its limitations, as the decompiled code will not be exactly the same as the original.  Some parts will be lost along the way, so make sure you save your code on GitHub!

Another possible reason for decompiling an app would be to evaluate its security.  If you’re able to see things you want to keep private simply by decompiling an app, other people can too.  And chances are they won’t always be decompiling for educational purposes.  I’ll be following up on this blog shortly with another one going more in depth on how to properly hide secrets in your apps.

And of course there’s always decompiling for modding purposes.  If you reverse engineer an app and put it back together how you want, then you can add new features or customize how things behave.  Here’s where I throw in a disclaimer that you should make sure you’re a law-abiding citizen while doing these things.  Lots of companies/developers would be very unhappy to hear that someone is decompiling their apps to make monetary gains.

How To Decompile?

The good news is that if you want to decompile apps on your own, you absolutely can!  You’ll need to download a popular tool known as apktool, and also make sure you have Java set up on your computer.  Here’s a great video showing how to use apktool to theme and edit Android apps.

 

Want to know more about decompiling apps?  Don’t worry, we’ll be writing lots more on it soon, but in the meantime let us know what you want to know in the comments below!

Android’s Developer Website Just Got A BIG Makeover


If you’ve ever thought about developing for Android then chances are you’ve at least stumbled upon developer.android.com.  And chances are you left with a bitter taste in your mouth.  Fear not, things are looking up.

I remember my first time looking at Android’s developer docs.  I was a novice developer and as such the website was chock-full of useful information, but it seemed borderline impossible to navigate.  Countless topics linked into one another describing the different components of an app.  Couple this with all the attributes listed for each subject, and your brain quickly starts to spin.

What’s New?

I’ve discussed this navigation difficulty with others before, and that’s why I was so happy to hear the website just got a makeover.  First off, it looks much better.  Whitespace is used to give the new layout a sleeker more aesthetic look while the landing page emphasizes a preview for Android P.  Scrolling down from there the home page is neatly divided.  Sections for featured topics, material design, and where to begin your development journey pave the path.

But, of course, there’s much much more to this website than how it looks.  The most important thing is that someone who finds themselves here actually learns about what they’re looking for.  The new website does a much better job of guiding users who are in uncharted territory.  Selecting “Docs” in the top banner takes users to this page.

Here the core developer topics that every Android programmer NEEDS to know about are listed.  Clicking on each of these links takes the user to a simple explanation accompanied by an intro video.  Immediately below these are trees of related and more in-depth topics.  The result is an easy cursory explanation of each topic, followed by more complicated explanations for those who want to learn more.

Material Design and More

The website has tons of sections and features, but one other I’d like to highlight is the “Design & Quality” tab.  It’s important to remember that there’s more to developing than just creating sound logic.  Users of your apps have also come to expect high quality layouts and design patterns.  This section of the website helps explain to developers how to wow users with apps that know what they want before even they do.

In summary, the old developer website was certainly useful, you just needed to know what you were looking for.  The new model offers a much easier guide for new entrants. It takes them by the hand and shows them both what topics are easy to comprehend and what fundamentals should be learned first.  Overall I think the new website is a vast improvement to its somewhat clunky counterpart, and I look forward to using it as my development journey continues.

Have you checked out the new site and feel that it’s still missing anything?  Let us know in the comments below!

Android Security Is Still Secure. Seriously.


There’s been a lot of media hype this past month about Android phones and their lack of security.  Headlines such as “How Android Phones Hide Missed Security Updates From You” have been floating around causing mass panic.

Take a deep breath.  It’s ok.

Despite the plethora of recent articles claiming that Android phones are under attack and that you’re a victim, chances are you’re actually safer than you think.  Yes, there was a study earlier this month that found some phones were behind on their security updates.  But that doesn’t mean that all of your data is exposed to whoever wants to take it.  Even with a few security updates missing, you should be alright.  Let’s take a second to discuss some of the other security features that Android’s architecture has in place to protect you:

Google Play Protect

Google Play Protect is a safeguard to protect Android users from malicious apps.  Even with Google’s screening process to let apps onto the Play Store, chances are some baddies will slip through the cracks and be available for download.  Google Play Protect attempts to stop these apps in their tracks by doing routine scans on your phone for every app, even after it’s been installed.  If there’s a cause for concern detected, you’ll be notified.

This software also applies to app updates, so the short version is that apps can’t just slide by once.  As long as you have Play Protect enabled on your phone, apps are continuously exposed to it.  Chances are your phone already has Play Protect, but if you want to be sure (or just see what it’s been up to) you can find it in the Play Store.  Open the store and then tap the 3 horizontal bars menu icon.  Then select “Play Protect” and you’ll be taken to a page showing what apps have been scanned recently and how your device looks.

Sandboxing

Android apps are naturally sandboxed from one another.  What this means is that each app’s data and code execution are isolated from the others.  So if you happen to download the wrong app, it doesn’t mean it will automatically have access to all of the apps already on your phone.  We go into depth about the Android security framework in our Android development course over at Phonlab.  Content Providers offer a storage mechanism for apps, so that an app’s information has to be requested before anyone else can access it.

Android permissions work along with this, so that with some common sense you should be safe no matter what.  In essence, a permission is a requirement: if an app uses a certain feature (such as syncing with your contacts), the user has to grant it permission first.

These permissions are presented to a user when the app attempts to access them, and are only allowed when the user says so.  You retain complete control over what access an app has.  Imagine you downloaded a game and it started asking you for access to your contacts and your saved media files.  Red flags should be going up right away since a game has no reason to use these.  As long as you don’t blindly hit accept to every permission, you retain a ton of control over what an app can actually do.
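
The same red-flag check can be run against a manifest, as an added example that is not from the original post: it reads an AndroidManifest.xml in the text form apktool writes when it decodes an APK and reports the requested permissions that fall outside what the app’s category needs.  The sample manifest, the package name, the per-category allowlist and the short list of user-prompted permissions are constructed assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed allowlist for a simple game (illustrative; tune per app category).
EXPECTED = {
    "game": {"android.permission.INTERNET", "android.permission.VIBRATE"},
}

# Illustrative subset of "dangerous" permissions, which Android makes the
# user approve. "Normal" ones such as INTERNET are granted with no prompt.
PROMPTS_USER = {
    "android.permission.READ_CONTACTS",
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.CAMERA",
}

# Constructed manifest, shaped like apktool's decoded output.
SAMPLE_MANIFEST = b"""<?xml version="1.0" encoding="utf-8" standalone="no"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructedgame">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
    <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
    <application android:label="Constructed Game"/>
</manifest>
"""


def unexpected_permissions(manifest_xml, category):
    """Map each permission outside the allowlist to whether the user is prompted."""
    root = ET.fromstring(manifest_xml)
    requested = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                requested.add(name)
    extra = sorted(requested - EXPECTED[category])
    return {perm: perm in PROMPTS_USER for perm in extra}


if __name__ == "__main__":
    for perm, prompted in unexpected_permissions(SAMPLE_MANIFEST, "game").items():
        print(f"{perm}: {'user is prompted' if prompted else 'no prompt'}")
```

Entries reported with no prompt never reach the accept dialog, so the manifest is the only place they show up.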

What are your thoughts on Android’s security measures?  Let us know in the comments below!
