Android Protection Reverse Engineering Client-Server

Asked

Viewed 118 times

5

I see that it is very common applications Android (games for example) are modified through engenharia reversa.

Even using obfuscação and other anti reverse engineering techniques, it is difficult to maintain an Android application completely free snoopers, Cheaters, etc.

Faced with this scenario, I come to question the best way to keep the client-server communication intact, since ensuring the integrity of the application is a difficult task.

  • How to ensure that the data arriving on the server actually comes from an intact application (not modified through engenharia reversa)?
android server-client reverse-engineering
  • 2

    This type of warranty is simply not possible. You can make it as difficult as possible behind various techniques, but none will effectively ensure the integrity or identity of its application.

  • @Androiderson said it all.

1 answer

3


You can use the Protocol Buffers, of Google itself.

Protocol Buffers is neutral to any language, platform, and has a very good way of serializing objects. They are flexible, efficient and have an automated mechanism to serialize data.

In addition to being more efficient than XML or Json, if intercepted, it is not human-readable. Its structure does not allow easy understanding if it does not have the files called "contracts".

You can get better references and how it works and how to implement directly from official documentation.

Useful links:

-Github: https://github.com/google/protobuf

-5 Reasons to Use Protocol Buffers: http://blog.codeclimate.com/blog/2014/06/05/choose-protocol-buffers/

Browser other questions tagged android server-client reverse-engineering

You are not signed in. Login or sign up in order to post.