Decompile code and get Firebase code

Abo Anas Bassel

Sep 12, 2016, 11:25:20 AM
to Firebase Google Group
Everyone knows how easy it is to decompile an Android release APK and get the source code.
There is a big chance that someone uses the code of my app and makes a new app with the same package name and SHA-1 key, then introduces his app as a replacement for mine in other market stores with new features, etc.
How could I prevent this?
Thank you.

Doug Stevenson

Sep 12, 2016, 5:01:10 PM
to Firebase Google Group
Two things you should be aware of:

1. The Play Store doesn't allow two apps with the same application id to exist in the market at the same time. The second one will simply not be allowed to exist. If you're concerned about other stores, then you could simply publish there first as well - they should have the same restriction. If for some reason a duplicate app appears, you should file a takedown request.

2. How does this attacker get a hold of the certificate that you used to sign the app?  That should normally be protected the same way that you protect the password to the account you use to log in to the console.  If you publish your certificate to the internet at large, then you are practically begging for trouble.  The SHA-1 hash of your certificate cannot simply be used to create duplicates - updates to your app must be signed with the same certificate as well as the same app id.

That said, you can't stop anyone from reverse engineering your app.  However, you can just make it impossible for them to duplicate certain functionality of your app that's protected by its signature.

Doug