Reverse Engineering Apps. A Primer
Reverse engineering is a pretty cool concept. Someone builds something, you want to see how they did it, so you take it apart and see how it was put together in the first place. It can be a great way to learn, and it pushes technological progress forward. But there’s also a dangerous side to it.
Reverse engineering done with malicious intent can lead to copyright infringement or other damages. It’s a fine line to walk on for what is ethical and what isn’t, and that doesn’t change inside of the Android world. In here reverse engineering is common and developers should always account for it when building apps to make sure they’re taking necessary precautions.
The term for reverse engineering an app is “decompiling”, and what you’re decompiling is an APK (Android Package Kit). This is essentially just a .zip file that stores our apps code. You build an APK when you compile your code and use that APK to upload the app onto the Google Play Store. This is then what users around the world download onto their devices. And if they’re tech-savvy enough, they can open up this APK and see what’s inside.
Let’s take a second to think about a couple reasons why we would want to decompile our APKs. One possibility is that we’ve misplaced our source code and are hoping to recover it. If this was the case then we could decompile our app from a phone it was already on. Note that this has its limitations as the decompiled code will not be the exact same as the original. Some parts will be lost along the way, so make sure you save your code on Github!
Another possible reason for decompiling an app would be to evaluate its security. If you’re able to see things you want to keep private simply by decompiling an app, other people can too. And chances are they won’t always be decompiling for education purposes. I’ll be following up on this blog shortly with another one going more in depth on how to properly hide secrets in your apps.
And of course there’s always decompiling for modding purposes. If you reverse engineer an app and put it back together how you want then you can add new features or customize how things behave. Here’s where I throw in a disclaimer that you should make sure you’re a law abiding citizen while doing these things. Lots of companies/developers would be very unhappy to hear that someone is decompiling their apps to make monetary gains.
How To Decompile?
The good news is that if you want to decompile apps on your own, you absolutely can! You’ll need to download a popular tool known as apktool, and also make sure you have java set up on your computer. Here’s an great video showing how to use apktool to theme and edit android apps.
Want to know more about decompiling apps? Don’t worry we’ll be writing lots more on it soon, but in the mean time let us know what you want to know in the comments below!