And ofcourse, Proguard is a must.
But I agree, reverse engineering is not too difficult (atleast modifying the manifest) and there are many free tools out there.
There are generally two concerns:
1. Somebody reverse engineering the code and modifying it or you losing the competitive edge. But in my personal experience obfuscated code (with proguard) is quite difficult to reverse engineer.
Are you saying the "smali" source code was completely readable?
2. Somebody can simply take the apk file, modify the AndroidManifest and then release it as a new package; which seems to have been the case with Aart's app (unless somehow his code was leaked).
But I am sure if the developer complains to Google (http://support.google.com/bin/request.p ... pe=lr_dmca), the Developer account may itself will be permanently closed (in some cases)
Yeah but I accidentally came across this app, so finding violations may be tricky. But as the fake app's popularity rises, I am sure it will be discovered and punished.
I don't think any other platform is 100% full proof.
Houdini wrote:From what I've discovered during the development of Houdini for Android, it is just a matter of minutes to take any Android App, disassemble it automatically and recompile a slightly modified version.
There is a public, freely available tool that produces "smali" source code which can then simply be modified and recompiled. The tool also automatically removes the most common software protection schemes that are proposed by the Android SDK.
The bottom-line is that there is just zero protection for an Android App, which is a rather disappointing situation.
Robert
