Is it safe to share apk files?


You have just finished your Android app and are ready to share it with people for testing or submit to alternative Android app stores. How can you be sure they won’t unpack the APK file and access all the files and your code and publish your app as theirs? Also if they access the graphics you created, they may use them as their own work not only in another apps but anywhere on the web.

I have bad news, my friend: apps can be reverse engineered, and if you send someone your precious .apk file they may do to it whatever they want to. But this needs preparation and knowledge. Some files are easier to access, the code, well, it’s difficult, but possible.

When you share your apk file with others (developers/app stores) you need to weigh the risks you are taking. The feedback of other people may be worth gold before publishing the app but you can never be sure what they will do with the file. This is why Google introduced beta testing last year: you don’t need a production APK to share your app with others. They will directly download your app from Google Play, won’t have access to the code and the app will be available to those who know the exact URL of your app on Google Play.

There are also apps that can grab the apk file from the installations: Appmonster can back up the .apk file to SD card.

Bottom line is, there is no 100% security and there is no way to completely avoid reverse engineering. However, there are some things to make the hacking more tough:

  • Use Proguard that shrinks, optimizes, and obfuscates your code by removing unused code and renaming classes, fields, and methods with semantically obscure names. The result is a smaller sized .apk file that is more difficult to reverse engineer.
  • Download a resource from the Web and do some encryption process
  • Use a pre-compiled native library (C, C++, JNI, NDK)
  • Always perform some hashing (MD5/SHA keys or any other logic)

In my opinion you have nothing to be afraid of. You can share apk files without hesitation when it comes to constructive feedback and ideas of other developers. I have never really heard about a case when someone’s apk file was reverse engineered and used by hackers. Your goal is to make as many downloads as possible and I think this way outweighs the risks you take.

Need more downloads? Select one of my app promotion services and I will promote your app to 30 quality app review sites and millions of people on social websites.

Balint Farago

Entrepreneur, startup enthusiast, gadget fan. I travel a lot and in the meantime I develop and promote mobile apps.