Protect Your Android Applications from Software Piracy
You've probably heard some of the startlingly high statistics about the number of mobile applications that are illegally downloaded and installed on users' devices. For the application developer, the loss in revenue and other ramifications of software piracy are staggering; most developers try to take some steps to protect their intellectual property. Android developers have a powerful tool at their fingertips to ensure this type of protection -- ProGuard.
Android applications are generally developed with Java, a language well-known for fairly easy reverse-engineering. Part of what makes Java so susceptible is that the language supports reflection, or the ability to look up code objects at runtime by name. These labels are kept when the application is compiled. When someone knows what your application does (context) and can systematically inspect the elements of your code in a human-readable fashion, it takes only a short amount of time to unwind your hard work and take advantage of it. This is just one of the reasons Java applications are fairly easily reverse engineered.
Over time, various tools have been developed to make the process of reverse engineering more difficult. Many of these tools use code obfuscation technology of some kind -- a process where human-readable code is converted into context-less gobbledygook. In this way, the code becomes difficult to interpret and understand. ProGuard is one such tool, and it's now built into the Android plug-in for Eclipse. ProGuard obfuscates, shrinks, and optimizes your code. The end result is a smaller, more secure application package file.
Why Protect My Paid Android Applications?
Well, first of all: you wrote the app, you should be the one to reap the rewards, right?
Let's look at a typical scenario for a paid app. Many developers sell their applications on the Android Market. If you're one of them, then presumably, you want everyone who uses your application to pay for it. Your first problem was that people were somehow just copying your app and making it available for download on other sites. In response to this, you likely integrated with the Google License Verification Library so the application can confirm with the Android Market that the user actually paid for it and that it's installed on an approved device. But even after taking these measures, you still found that people were somehow copying your application and defeating the code.
In all likelihood, these intelligent -- yet nefarious -- developers were easily reverse engineering your app's code because it wasn't obfuscated. They could easily search for certain keywords within the binary. This is just one reason why it's crucial to obfuscate your code using a tool such as ProGuard.
Do I Need to Protect My Free Android Applications?
If your application is freely available on the Android Market and other sites, you might wonder why you should bother obfuscating your code.
Just because you're giving away the software doesn't mean that it doesn't contain valuable intellectual property or revenue-making items such as advertising-supported content that you can't allow to be defeated, misused, or misrepresented. The last thing you want is for your awesome, but not patented, technology to be copied immediately upon release simply because you left your work unprotected. If you have a multiplayer game that goes through servers, reverse engineering the code could allow someone to cheat and misuse your servers, too. And your wildly popular ad-supported application could have its ads turned off just as easily.
These are just a few of the many reasons why using a tool like ProGuard to protect your applications is important.
Originally published on http://www.developer.com.
Page 1 of 2