I am using Retrofit2 for API calls via my Android app:
Api api = new Retrofit.Builder()
.baseUrl(BASE_URL) //<-- Problem here
.addConverterFactory(GsonConverterFactory.create(gson))
.client(okHttpClient.build())
.build()
.create(Api.class);
Nowadays, many apps are being re-uploaded to the store by just changing the BASE_URL needed or with some minimal re-skinning. I know that protecting to 100% an app from Reverse Engineering is impossible, but I just want to somehow make it harder for anyone to just change the BASE_URL and use the app with his own API.
For the BASE_URL itself, I am getting it with some native code as explained here. But still, anyone can put whatever he/she wants in baseUrl(BASE_URL) and he/she is good to go.
For now, I am thinking to import the whole Retrofit2 as a module in my project and modify there to add some level of obscurity.
But I am just wandering, isn't there any better way to do it?
Thanks.
