Hello friends, I have a question, is it possible for someone to get my apk from a web page and be able to decompile it? My doubt arises because I see that my application appears on sites like APKPURE, in which my apk can be obtained and in which I have airtable api keys, which I do not want them to be able to obtain.
Do not enter api keys, base id in designer part.
Enter in blocks part usimg the block obfuscated block
Okay, but I understand that the obfuscated block security level is low. This is the best that can be done?
Then try [Free/OS] Keystore - Secure Encryption and Decryption this method
Also this Secure your data! too…
Is your app on Google play? If you have them, your apps will be available on apk download sites through the app’s package name
somehow they use the “AI” technology I suggested, and it scans the google play database and gives that result. They don’t mass produce the same apps that are similar to yours. For example but I have four apps on google play and they also appear on apkpure
I understand, but Google Play doesn’t deliver or download the apk like apkpure does for example, or am I wrong?
via your app’s package name
So from what I could find of information the compilation of kodular is done in blocks → YAIL → scheme code → java bytecodes (not source code) → bytecode → bytecode run natively on Dalvik VM on Android. So this means that decompiling and parsing a kodular apk file is not that simple, is it?
Only server side auth, and server side critical logic deployment protect your app from these cases.
I know, I have a login in which authentication is required and the security rules are well configured in firebase, but I mean for example if I have airtable api keys in my application, and someone would like to decompile my apk to get them, It’s not that simple right? You see, I have an application for community use but I want to protect it from some malicious people, I know almost nothing about computer security in these cases.
It’s simple to get api keys. You can just make it a little harder to get them. That’s why firebase configuration file with urls and api keys is contained in plain json making it so easy to get them after decompilation. Only server side rules can guarantee security with hashing function and hash integrity is checked on server.
I know nothing about airtables security layer. But if the security depends on the api key which is contained in the source code it’s not secure at all.