I was hoping to find a whitepaper/online article/book to bolster my argument that an All-Dalvik app is as good security-wise as an app with sensitive logic "hidden" in native code. I know with effort either can be decompiled, the aim is to make that effort as much as possible. So my original question was is that effort more with native than Java?
I agree with your previous point that ideally there should be no sensitive logic client side. However, while most of it is server-side, some of it necessarily (business requirements) has to be client side - decryption of data in the intent & a couple of actions taken on the basis of it. That's what I need to protect from malicious probing... the logic as well as the decrypted data. Hope this makes sense. --------------------------------------------- What do you mean details? If your a reverse engineer it's just a different thing to look at. If someone is skilled enough or has enough patience, neither is hard to do. -Tim Strazzere Security Engineer Lookout Mobile Security On May 12, 2:55 pm, Twinkie <[email protected]> wrote: > Thanks much! > > Are there any references that I can lookup for more details on this > native decompiling vs Dalvik decompiling? > > On May 11, 4:55 pm, Chris Palmer <[email protected]> wrote: > > > > I know there exist C/C++ decompilers too, but my colleagues think the > > > decompiled version is far more difficult to read. > > > My colleagues don't. > > > Don't make your security or your business model depend on the > > obscurity of client-side code. End of story. > > > --http://noncombatant.org/ > > > "These days, though, you have to be pretty technical before you can > > even aspire to crudeness." — William Gibson -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
