我相信这个问题已经被问到了,但我对他们的回答不满意,并在这里再次发布。
有人可以告诉我如何保护我的 android 应用程序资产免受想要构建类似应用程序的抄袭猫的侵害吗?
问问题
8804 次
3 回答
9
As always there is a trade-off between convenience and security. The more secure you want your app the less convenient it will be for you to develop.
The source code is inherently insecure due to ease of decompiling especially with rooted phone. To protect your source code you can obfuscate and/or encrypt your code which will prevent decompiling. Not exactly sure what tools are available for Android, but I am sure it will complicate your build process. If you just obfuscate, decompiling may still be possible, but will be much more difficult and will likely require the person attempting to decompile your code to know and understand Bytecode if a strong level of obfuscation is used.
To protect your assets, I believe your only option is to use encryption. Again this will complicate the app and/or build process depending on where you implement.
Even if you use encryption to protect your assets, you must protect the encryption key within your source code. Obviously, it does not matter what encryption scheme you use if your encryption key is in plaintext in the source code then anybody can grab the key and your asset and decrypt. All this does is add one more small fence to jump over.
However, if you correctly protect the encryption key and use a good encryption algorithm you should have less to worry about. This is a fairly complicated process though, it is difficult to use a key for encryption within your code and not keep it in plaintext. Even if you don't keep it in plaintext within the code, at some point it must be in memory to perform decryption. So if somebody can attach a debugger or dump memory at the right time, it will compromise the key. Of course, this requires a much more skilled adversary.
Overall, you need to decide exactly who you are worried about stealing your assets. If you are worried about the average Joe copying them, then you should be ok. If you are worried about a professional hacker, script kiddie, etc. gaining access to them then you are probably out of luck.
于 2013-08-09T16:29:18.567 回答
8
有人可以告诉我如何保护我的 android 应用程序资产免受想要构建类似应用程序的抄袭猫的侵害吗?
一般来说,你不能。如果它在应用程序中,任何想要的人都可以找到它们。
欢迎您推出自己的加密方案,或使用DexGuard等工具。但是,由于解密引擎和密钥必须在应用程序本身中,所有这些都会增加获取资产所需的工作量。增加难度会降低有人从您的 APK 中获取资产的可能性,但这并不能阻止这种可能性。而且,当然,还有其他方法可以获取大部分内容(例如,屏幕截图和图像编辑器,录制应用程序播放的音频)。
于 2013-08-09T16:25:57.070 回答
0
您可以通过使用强大的加密算法对其进行加密并在运行时对其进行解密来保护资产文件夹内容。Copycats 无法通过简单地使用 zip 工具提取 apk 来轻松解密和获取资产文件夹内容。
于 2016-10-11T13:04:42.377 回答