Available now from RIIS, an IT services firm specializing in mobile development, is a new security tool, called HoseDex2Jar that is designed to prevent Android decompilation by hackers on mobile devices, as a means to decompile Android apps and obtain access to sensitive data.
According to company president Godfrey Nolan, the new HoseDex2Jax tools makes use of the fact that Android runs applications in .dex format. He said Dex2Jar is the only tool available to convert Android APK's back into Java .jar files.
This allows someone to decompile the .jar file using JD-GUI or JAD into readable source code. Once done, all proprietary source code and other sensitive information stored on backend databases are vulnerable.
When development started on the tool, said Nolan, RIIS developers knew if they could figure out a way to stop Dex2Jar from functioning, they could protect Android apps from being decompiled at all, thus protecting the apps from malicious attackers. RIIS started investigating to see if Dex2Jar had any limitations they could expose.
“Developers can take steps such as using tools like ProGuard to obfuscate their code, but up until now, it has been impossible to prevent someone from decompiling an app,” said Nolan.”We realized if there was a way to stop Dex2Jar, we would stop all Android Decompilation.”
HoseDex2Jar stops Dex2Jar by inserting harmless code in an Android APK that confuses and disables Dex2Jar and protects the code from decompilation.We're now able to go a step beyond obfuscation and prevent hackers from decompiling an APK into readable Java code.