Android APK encryption

[fakr00n]

Hi,
I'm writing an android app where there is a strong need for IP-protection. I'm wondering if there's a way to encrypt the entire APK or at least the C/C++ native library where the *good stuff* lies.

 

[codesplice]

You can't encrypt the entire APK; doing so would prevent it from running at all.

There are tools built in to Android Studio which can help you obfuscate your code to make it more difficult to decompile and analyze:
https://developer.android.com/studio/build/shrink-code

And you take take it a step further and encrypt particularly sensitive data (keys, etc) with plugins:
https://medium.com/@christopherney/...enigma-string-obfuscation-plugin-11687022cbef

 

[fakr00n]

That's what I thought as well about encrypting APKs I thought it was worth a shot to double check It would have been wonderful if Dahlvik could directly execute encrypted binaries (with HW acceleration)... Like it's common use in the automotive industry to prevent reverse engineering. I think I'll encrypt the senstitive parts of the C/C++ library using Android keystore systems for safe key storage, load the (encrypted) sensitive lib parts in RAM, decrypt them and execute from RAM - Not the optimal solution from security point of view but still better than nothing. I'll also obfuscate the Java code as well, Thanx for the information