6

I've developed my first Android app in Unity3D and uploaded it to Google Play. And I've just realized: There are services to download apk files from Google Play. There are services to decompress apk files and get all the source files from it. Is it possible?

How can developer protect his apps from cloning this way? (I'm using Unity 3d, so I can't use ProGuard) Or does it make a difference that I'm developing in Unity 3d? (Maybe it's harder to understand decompressed sources in case it made in Unity) But then, how does Google Play protect apps from hacking source code?

Braiam
  • 1
  • 11
  • 47
  • 78
Alex
  • 129
  • 1
  • 2
  • 15

1 Answers1

5

It is absolutely possible for the most part. Just take your APK, rename it to a .zip and you already have access to the contents. Browsing through the folders will show you (given that you're using Unity) a lot of Unity asset files. These, by means of inspection, are reasonably trivial to retrieve the contents from.

Traverse the folder structure until you find Assembly-CSharp.dll and extract it. Dump it into something like ILSpy and you'll find that your sources aren't just trivial to decompile, but that almost all naming is preserved and not even obfuscated in any way.

To provide you with an example, this is part of my code

and this is what I retrieved just now using ILSpy from the APK I built

Minor differences, but nothing that would really confuse you.

All in all there is not much protection there by default. There are ways to apply obfuscation, but I have no experience there myself, so can't really comment on the practical usefulness.

Bottom line is that if someone really would want to put effort into extracting what you've created, they can up to a point. So if you want to protect your work, you'll have to find the solution somewhere else.

Bart
  • 19,692
  • 7
  • 68
  • 77