Tool prevents hackers from obtaining Android app source code
RIIS announced HoseDex2Jar, a mobile security tool that can prevent Android decompilation by hackers on mobile devices.
Android runs applications in .dex format. Dex2Jar is the only tool available to convert Android APK’s back into Java .jar files. This allows someone to decompile the .jar file using JD-GUI or JAD into readable source code. Once done, all proprietary source code and other sensitive information stored on backend databases are vulnerable.
RIIS knew if they could figure out a way to stop Dex2Jar from functioning, they could protect Android apps from being decompiled at all, thus protecting the apps from attackers. RIIS started investigating to see if Dex2Jar had any limitations they could expose. HoseDex2Jar was born.
“Developers can take steps such as using tools like ProGuard to obfuscate their code, but up until now, it has been impossible to prevent someone from decompiling an app,” said Nolan.
“We realized if there was a way to stop Dex2Jar, we would stop all Android Decompilation. HoseDex2Jar does just that. It stops Dex2Jar by inserting harmless code in an Android APK that confuses and disables Dex2Jar and protects the code from decompilation. We’re now able to go a step beyond obfuscation and prevent hackers from decompiling an APK into readable java code. This is huge for companies with Android apps available on Google Play.”