(!OUTDATED!) Kodular APK Security

Is anybody still going to post a solution? It is December and Kodular Creator is still on 1.4D.1 Eagle which is built on September 4, 2020. Kodular Creator is a few months outdated and I also need this public link stuff removed as soon as possible. I am using MIT App Inventor now to build my apps to protect my privacy until this public link feature is either changed or removed.

Unless you are using an offline version I donā€™t see what difference that makes? App Inventor apk links also expire after 2 hoursā€¦

I honestly think you are exaggerating. Nobody is going to find the link to your app and even if they do, what are they going to do with it? You can easily get the apk back from an app once it is installed on a userā€™s device too.

7 Likes

I also think devs have better things to do then work on a thing that is not a problem. Like @Conor said, i also think you are exaggerating the issue. In essence there is no issue.

3 Likes

But they donā€™t get generated publicly with a short link.

Also, if you remember, some users said that a hacker can build an app either with Kodular or another MIT AI2 based platform to steal APKs. Some are brave because all MIT AI2 Based platforms do not allow any apps that destruct a userā€™s device. Some users who also buy images online from iStock photo or Vector Stock will have to worry about the paid images extracted from the APK. Includes paid fonts as well and other paid items in digital forms. I cannot even put any sensitive information or anything personal because I was confident that nobody would be able to steal my app before any of this. Back in 2019 I moved from Thunkable X because of it having a public gallery. APK Files can be extracted using programs like 7-zip. I am not going to keep up with this feature. Nobody needs a feature like this. Most people already have Google Drive and other Cloud storage services so why build a feature like this. Google Drive is free and I use it for my apps. If a user suggested this feature, I donā€™t mean to hurt their feelings by removing it but I think that the feature should be changed with the ability to disable this public link stuff in the creator settings, change the duration, or set permissions. My AIA Files are safe but my APK files are how I run my apps and assets can be extracted.

Actually, this is a BIG HUGE issue to the privacy of my information and my apps along with other Kodular users.

Koders! If you do not like this new public link feature, answer my form/poll here

How? Some users could upload it externally and there is no other defense than using a textbox, tinydb, and a password screen to prevent piracy of my apps. My assets are also defenseless as they can be extracted from the APK. Private is private. If a user wants to make their apps public then they should host it on Google Drive or the Google Play Store. I created a form poll to see if anyone likes this feature or not.

There is no point in this :point_up: statement of your. Adding to what Conor said :point_down:

There is not even need of getting the apk from app. Person who wants to steal the assets(like you mentioned which are in digital forms) can steal them directly from the installed app using some third party tools.

Private is Private! I am not going to let my privacy or private assets be stolen. It is a shame that I have to avoid Kodular because of this. Also, how can I get the app back from a userā€™s device. I am not a hacker and I cannot create an app that suspiciously controls a users device or does bad activities on it.

So are you going to avoid all the platforms which lets you develop Android app? Because the things I mentioned can happen with any app developed on any platform, even on Android studio. Itā€™s not related specifically to Kodular or to any other similar platforms.

You donā€™t need to be hacker for doing such things :slightly_smiling_face:

You donā€™t need to, they are already created.

1 Like

Firstly, this is specifically a feature to Kodular. Kodular opens a pop up box that shows a short link like this (The letters just represent the characters seen in the short links)
https://kodular.app/abc-xyz

Secondly, Android Studio is a program and not a cloud based app. It does not generate any public links. I rarely use Android Studio and I just play around with the design. Android Studio is local and I have it on my Windows 10 desktop.

Thirdly, MIT Ai2 Platforms excluding Kodular are still safe. There is no public link after building apk files. However, there are options for that, but they donā€™t happen after building my apk.

Fourthly, Kodular respected its usersā€™ privacy ever since it was released, but it has let me down. So, until Kodular removes or changes this feature, I will have to depend on MIT Ai2 and other MIT Ai2 based platforms and a lot of extensions to build my apps.

I donā€™t know whats wrong with you that you are constantly pointing towards the public link.
You need to understand that any person can get your apk file without that public link even. And as said there is no need to get the apk even as a person who wants to steal your private digital assets can steal them directly from app with some third party tools!!

Hope you enjoy your journey with MIT Ai2

How about a switch to allow or disable downloading from a different IP address? That switch would be disabled by default and the user would have to switch it on in case they want someone else to download the app somewhere else.

2 Likes

Private is Private. Private links need my Gmail or Kodular to work. There is nothing called Private is Public. For example, if I upload my apps in Google Drive, set them to private and share them with nobody, and then just leave it there. Even though it has a URL, it still cannot be downloaded so what you are saying has no sense to it. This public link stuff needs to be removed and they are hosted on a weird domain named kodular.app which should be shut down to prevent the creation of public links for the privacy of my information and my apps.

Ok, so what about asking for a password which is hardcoded in the application when starting the app as you said?

Yes but I donā€™t think it is possible to solve all combinations in 2 hours. And there is something named rate-limiting which prevents the client to send a lot of requests from same IP address. I donā€™t know if Kodular has rate-limits, but I assume they have because it is a standard everywhere.

I tried to explain you as best as i could.
The point is, if you are developing an app, it is going to be installed on several user devices. Now the thing is if one of the user decides to steal anything from your app, then he/she can do so without any need of apk or any link

So by this your point of private Google Drive links and all, not even likely to be discussed, because nothing depends on link in this case particularly

3 Likes

It is time consuming. Once I finish my app, I want to build the APK, upload it to Google Drive, and then the private business can use it. I also build private apps for myself as well. I currently am not making any apps for the world as of now.

Also, who is answering yes on my poll that they want their apps stolen.

Any SOLUTION TO THIS PUBLIC LINK CREATION**!?** :confused:
Original words in this post have been removed due to community guidelines.

If someone wants to hack your app or steal its contents they will do so using means other than the Public link you are worried about. The Public link should be the least of your worries.