Follow these 3 easy steps to Encrypt Java Class Files (.DEX)
- Under the Build tab, select Security, then expand TOTALData™ Encryption
- Switch on APPCode Packer
- Optionally, enable Favor Loading Time (see below)
- Click “Build My App.”
Learn how to encrypt Java Class Files (.dex) in Android apps.
In recent years, decompilers have reached a maturity level that allows recovering source code from mobile app binaries with ease. Obfuscation has become a well established preventive measure developers use against static reverse engineering attempts. There are several ways to implement obfuscation, but various obfuscation solutions differ in several things: Ease of use (e.g., specialized compilers and post-build tools), Performance (i.e., performance penalty, if any) and the reference threat level.
Since eventually all defenses can be broken, the quality of a good defense is measured by the amount of work, expertise and time needed to break the defense.
This Knowledge Base article provides step-by-step instructions for using Appdome to encrypt Java Class files (.dex) in Android apps.
We hope you find this knowledge base useful and enjoy using Appdome!
Appdome is a no-code mobile security and development platform that enables anybody to add a wide variety of security features, SDKs and APIs to Android and iOS applications. Using a simple ‘click to add’ user interface, anyone can easily encrypt Android Java Class files (.dex) in seconds, no-code or coding required.
Appdome’s APPCode Packer is a security feature that encrypts the mobile app’s compiled Java code and decrypts it at run-time. Appdome’s APPCode Packing makes reverse engineering an arduous task while preserving the functionality and performance of the original app. Appdome’s APPCode Packer is compatible with mobile apps built in any development environment including Native Android apps, hybrid apps, and non-native apps built-in Xamarin, Cordova, and React Native, Ionic and more. This streamlines implementations, cuts development work, and ensures a guaranteed and consistent integration of Appdome’s APPCode Packer to any mobile app.
In Android, compiled Java/Kotlin code resides in
classes.dex files (see structure of Android applications). The common tools to reverse engineer DEX files are disassemblers such as baksmali and dex2jar and decompilers such as jadx and jdgui. The purpose of code packing with Appdome APPCode Packer is to make these tools ineffective and even unusable. To do this, Appdome encrypts all DEX files not needed for app initialization, making it impossible for disassemblers to find the original code. At run-time, Appdome’s code will decrypt the encrypted DEX files and allow the app to continue working as usual.
This obfuscation technique provides the following benefits:
This feature is complementary to Appdome’s Control-Flow Relocation and may be used together to further the app’s Java code reverse-engineering protection.
The Android App Bundle lets you more easily deliver a great experience in smaller app size, by creating “splits”, allowing the play store the ability to tailor fit the app to the phone it’s being installed on, Downloading only the relevant resources.
If your application was developed using a non-native framework such as React-Native, Cordova or Xamarin, you might want to check out Non-Native Code Obfuscation.
If, on the other hand, your application has more native code in it, we recommend you check out Binary Code Obfuscation.
Since the app still requires certain classes for its initial startup, specific classes mentioned by the following tags in the app’s manifest inside the “application” tag will not be encrypted:
The technology behind Build My App has two major elements – (1) a microservice architecture filled with 1000s of code sets needed for mobile integrations, and (2) an adaptive code generation engine that can recognize the development environment, frameworks and methods in each app and match the app to the relevant code-sets needed to add the requested service to the mobile app in seconds.
Congratulations! When your build is complete, you will see the notice below.
Obfuscation decreases the efficiency of compression algorithms, so obfuscating all the code in the app may increase its loading time significantly. You can enable Favor Loading Time to automatically detect and optimize the obfuscation process of publicly available components to preserve the application loading time.
Please review this file to view all the libraries and files that will remain unobfuscated, with this toggle enabled.
In order to use Appdome’s no-code implementation of APPCode Packer on Appdome, you’ll need:
After successfully building the app, the app needs to be signed in order to deploy it. Optionally, you can also brand or customize apps using Appdome. Read this KB to learn how to sign, customize, brand, and deploy apps using Appdome.
Learn about Appdome’s other encryption solutions under TOTALData™ Encryption.
If you have any questions, please send them our way at firstname.lastname@example.org or via the chat window on the Appdome platform.