Security Experts:

Connect with us

Hi, what are you looking for?


Mobile & Wireless

Mobile Firm Takes on Android Decompiler With New Tool

Mobile app development and IT services company RIIS has released a new security tool designed to prevent Android decompilation by hackers on mobile devices.

Mobile app development and IT services company RIIS has released a new security tool designed to prevent Android decompilation by hackers on mobile devices.

Dubbed HoseDex2Jar, the tool keeps hackers from using the Dex2Jar tool to decompile Android applications and access data. According to the company, Dex2Jar converts Android APKs into Java .jar files. With the tool, attackers can decompile the .jar file using JD-GUI or JAD into readable source code, revealing all proprietary source code and any information stored on backend databases.

“Developers can take steps such as using tools like ProGuard to obfuscate their code, but up until now, it has been impossible to prevent someone from decompiling an app,” said Godfrey Nolan, RIIS president. “We realized if there was a way to stop Dex2Jar, we would stop all Android decompilation. HoseDex2Jar does just that.  It stops Dex2Jar by inserting harmless code in an Android APK that confuses and disables Dex2Jar and protects the code from decompilation.”

Earlier this year, Arxan Technologies issued a report that noted 92 percent of the Top 100 paid iOS applications  and 100 percent of the Top 100 paid Google Android applications had hacked versions available in app markets. The report noted that Android Java apps in particular are trivial to decompile back to source code, and that native Android and iOS apps are relatively easy to reverse engineer as well.

“To crack an Android app, hackers can download the app on another machine (e.g., Mac) and run a tool (e.g., apktool) to unpackage the app and disassemble its Dalvik bytecode,” the report notes. Dalvik is the process virtual machine in Google Android’s operating system.

“They analyze the disassembled code or use tools (e.g., dex2jar and a Java decompiler) to decompile Dalvik bytecode to Java source code and analyze the source code,” the report continues. “They can make changes to disable license checks (or other modifications) and repackage the app and resign it.”

In a demonstration with SecurityWeek, Kevin McNamee of Kindsight Security Labs showed how a hacker could use the developer tool “apktool” to decompile the game Angry Birds. When finished, he could see the source code and directories. He then copied the malicious Java program into the “com” directory.

According to RIIS, the new tool represents a step forward in protecting applications from this kind of behavior.

“We’re now able to go a step beyond obfuscation and prevent hackers from decompiling an APK into readable java code,” Nolan said. “This is huge for companies with Android apps available on Google Play.”

Written By

Click to comment

Expert Insights

Related Content

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Mobile & Wireless

South Dakota Gov. Kristi Noem says her personal cell phone was hacked and linked it to the release of documents by the January 6...


A digital ad fraud scheme dubbed "VastFlux" spoofed over 1,700 apps and peaked at 12 billion ad requests per day before being shut down.

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Mobile & Wireless

Chinese tech giant Huawei patched nearly 300 vulnerabilities in its HarmonyOS operating system in 2022.