(!OUTDATED!) Kodular APK Security

So what if the “hacker” guessed the generated link? What he has is an app with no source code, it’s like saying, I download this app from Play Store so therefore I own it, it doesn’t really make any sense… As far as I know the link doesn’t come with the source file of your app… So chill, no one is stealing your app.

Source code or not, I do not want my personal apps hosted publicly without my consent. The private business does not want the apps public and I do not want them public either. I am currently not making any apps for the whole world to use. So, the private apps will start having confidential information not meant to be shared. The APK file produces the app itself and that is not something I want stolen. I have to add Tiny DB and a text box to prevent my apps from being pirated and out in the public. It is time consuming. I have sent an email to @Conor and @Diego back in October and I got no response. I have been using Kodular since 2019 and now I am going to avoid it until this feature is either fixed or changed. Here is a picture of what I am talking about.


you are using a public server… so theoretically Kodular itself or a Kodular admin does have access to all the projects…

you probably prefer to use an offline server? then you have everything under control… and you are responsible for the projects by yourself… unfortunately not available for Kodular, but for App Inventor: AI2Offline (Browse Files at SourceForge.net)
this provides the maximum security for you…



I really don’t think this is anything to worry about. As already mentioned, there are over 300 million possible combinations and it’s almost impossible to guess this in 2 hours. We have also never known this to be abused in the past.


Well, Kodular does not allow its users to build apps that make viruses or anything else wrong. So, some users should be brave but it is hard to know what the app has.

As I am not allowed to create duplicate topics, I still want this feature to either be gone or changed.

yes… thank you
I now moved your post to the correct thread


Is anybody still going to post a solution? It is December and Kodular Creator is still on 1.4D.1 Eagle, which was built on September 4, 2020. Kodular Creator is a few months outdated and I also need this public link stuff removed as soon as possible. I am using MIT App Inventor now to build my apps to protect my privacy until this public link feature is either changed or removed.

Unless you are using an offline version I don’t see what difference that makes? App Inventor apk links also expire after 2 hours…

I honestly think you are exaggerating. Nobody is going to find the link to your app and even if they do, what are they going to do with it? You can easily get the apk back from an app once it is installed on a user’s device too.


I also think devs have better things to do than work on a thing that is not a problem. Like @Conor said, I also think you are exaggerating the issue. In essence there is no issue.


But they don’t get generated publicly with a short link.

Also, if you remember, some users said that a hacker can build an app either with Kodular or another MIT AI2 based platform to steal APKs. Some are brave because all MIT AI2 Based platforms do not allow any apps that destruct a user’s device. Some users who also buy images online from iStock photo or Vector Stock will have to worry about the paid images extracted from the APK. Includes paid fonts as well and other paid items in digital forms. I cannot even put any sensitive information or anything personal because I was confident that nobody would be able to steal my app before any of this. Back in 2019 I moved from Thunkable X because of it having a public gallery. APK Files can be extracted using programs like 7-zip. I am not going to keep up with this feature. Nobody needs a feature like this. Most people already have Google Drive and other Cloud storage services so why build a feature like this. Google Drive is free and I use it for my apps. If a user suggested this feature, I don’t mean to hurt their feelings by removing it but I think that the feature should be changed with the ability to disable this public link stuff in the creator settings, change the duration, or set permissions. My AIA Files are safe but my APK files are how I run my apps and assets can be extracted.

Actually, this is a BIG HUGE issue to the privacy of my information and my apps along with other Kodular users.

Koders! If you do not like this new public link feature, answer my form/poll here

How? Some users could upload it externally and there is no other defense than using a textbox, tinydb, and a password screen to prevent piracy of my apps. My assets are also defenseless as they can be extracted from the APK. Private is private. If a user wants to make their apps public then they should host it on Google Drive or the Google Play Store. I created a form poll to see if anyone likes this feature or not.

There is no point in this 👆 statement of yours. Adding to what Conor said 👇

There is not even a need to get the apk from the app. A person who wants to steal the assets (like you mentioned, which are in digital forms) can steal them directly from the installed app using some third party tools.

Private is Private! I am not going to let my privacy or private assets be stolen. It is a shame that I have to avoid Kodular because of this. Also, how can I get the app back from a user’s device? I am not a hacker and I cannot create an app that suspiciously controls a user’s device or does bad activities on it.

So are you going to avoid all the platforms which let you develop Android apps? Because the things I mentioned can happen with any app developed on any platform, even on Android Studio. It’s not related specifically to Kodular or to any other similar platforms.

You don’t need to be a hacker for doing such things 🙂

You don’t need to, they are already created.


Firstly, this is specifically a feature to Kodular. Kodular opens a pop up box that shows a short link like this (The letters just represent the characters seen in the short links)

Secondly, Android Studio is a program and not a cloud based app. It does not generate any public links. I rarely use Android Studio and I just play around with the design. Android Studio is local and I have it on my Windows 10 desktop.

Thirdly, MIT Ai2 Platforms excluding Kodular are still safe. There is no public link after building apk files. However, there are options for that, but they don’t happen after building my apk.

Fourthly, Kodular respected its users’ privacy ever since it was released, but it has let me down. So, until Kodular removes or changes this feature, I will have to depend on MIT Ai2 and other MIT Ai2 based platforms and a lot of extensions to build my apps.

I don’t know what’s wrong with you that you are constantly pointing towards the public link.
You need to understand that any person can get your apk file without that public link even. And as said there is no need to get the apk even as a person who wants to steal your private digital assets can steal them directly from app with some third party tools!!

Hope you enjoy your journey with MIT Ai2

How about a switch to allow or disable downloading from a different IP address? That switch would be disabled by default and the user would have to switch it on in case they want someone else to download the app somewhere else.