Search code examples
javaandroidadmob

Android App prevent from being modified

After Googling I have found that my free app with ads is published in some sites with title "app_name_ad_free_mod_hacked", after trying to install this app in my personal phone it is working correctly but ads aren't showing. Even, I noticed that it doesn't make ad request.

Is there any solution to prevent the app from being modified?

P.S: I'm using ProGuard and I have decompiled the modified APK, and I don't notice any difference from original app.

Ads are initialized in my code as below :

At onCreate() of MainActivity : 

MobileAds.initialize(getApplicationContext(), "admob_app_id");
mAdView = findViewById(R.id.adView_fragment_ads);
layout_ads = findViewById(R.id.layout_fragments_ads);
start_ad();

and the method : 

private void start_ad() {
        try {
            if (data_ne_db[0].equals("jo")) {
                AdRequest adRequest = new AdRequest.Builder()
                        .addTestDevice(AdRequest.DEVICE_ID_EMULATOR)
                        .addTestDevice(getResources().getString(R.string.ads_test_device))
                        .addTestDevice(getResources().getString(R.string.ads_test_device_facebook))
                        .build();
                //mAdView.setAdUnitId(getResources().getString(R.string.ads_kryesorja_poshte));
                //mAdView.setAdSize(AdSize.LARGE_BANNER);
                mAdView1.loadAd(adRequest);
                mAdView1.setAdListener(new AdListener() {
                    @Override
                    public void onAdLoaded() {
                        mAdView1.resume();
                        mAdView1.setVisibility(View.VISIBLE);
                        u_inicializua = true;
                    }

                    @Override
                    public void onAdClosed() {
                        Log.e("ADDD CLOSEEEED", "Ads is closed by user)");
                    }

                    @Override
                    public void onAdFailedToLoad(int errorCode) {
                        mAdView1.pause();
                        Log.e("AD FRAG 2", "Ads failed to load" + " error : " + errorCode);
                        u_inicializua = false;
                    }
                    @Override
                    public void onAdLeftApplication() {
                    }

                    @Override
                    public void onAdOpened() {
                    }
                });
            }
        } catch (Exception ignored) {}
    }

Maybe someone just injects comment to the method call or in the database if check, but how to prevent that?

Solution

  • Making hacking impossible: I don't know if there is an answer.

    What you can do is: There are some paid tools like dexguard. You can use them. A paid alternative will likely work better than a free one.

    Though, an expert one might get into your code. But, cracking dexguard isn't a simple game. Also, it does Runtime Self Protection, Code optimization, etc

    Some of my unused ideas::-P | Client Side

    • Check the location from where the application was installed. Use PackageManager
    • Verify Signature of the application installed / Place Signature in the server | Check if matches the one with which the app is signed
    • Make code which even you can't read after a day of finishing it. Badly name classes, wrongly name them. Like: Class ABACAS processes task ABACAS and class SACABA does task SACABA - give them reversed name. Also, method delegate returns some value called delegate and method stack returns stack. Reversely name them.

    That means: Class ABACAS will do SACABA and SACABA will do ABACAS & method delegate will return stack and method stack will return delegate

    If your app is server-dependent (I mean your app is just is a client, the server does the task, has API and does send-receive). Just ask your app for the signature from the server. If the signatures match does next, else return.