Saturday, 2 May 2015

Reverse Engineering - How Android apps get hacked?

Reverse engineering is the process of "disassembling" a software followed by certain edits and moficiation that aims to recover what's behind the interface and a fully functional app. People who do this process, however, are planning to change the software's source code and exploit the app. Software cracks, keyloggers, those all are products of revers eengineering. As you might guess, reverse engineering can be quite dangerous for us - the users.)

Security is obviously the number one priority. Although we are all trying to protect our personal data as much as possible, it's still not effective enough.


 

Here's a little info from Arxan Technologies showing us that 70% of Apple apps have been in some way hacked and 95% of apps have been hacked on Android.
The question stays, is really hacking & modifying (or injecting a malicious code) an app that easy?
Let's have a look.



Here's another quick video showing the decompilation of an application using the dex2jar and JD-GUI which shows the source code of the decompiled app.

You can use the same thing using Show Java on Android, download on Google Play


The code gets changed, app compiled and released to the public. You can't spot the difference as the app is behaving normally but your personal data may get stolen.

These threads may be everywhere, for example if you like to download paid apps for free on the web (APK file), these also may be modified.

No comments:

Post a Comment