Obviously there is no way to obfuscate the code of the android apk with thunkable. Is this right?
Theoretically it can be done via Android Studio, using proguard: the .apk (compiled by thunkable) needs to opened in debug mode and then it’s behavior can be customized with the proguard files. If Thunkable does not provide code obfuscation, would this be a viable way?
I think Thunkable X apps are already obfuscated using ProGuard when they are compiled. I’m not 100% certain though so the Thunkable developers will have to confirm that.
Many thanks! I am waiting for 2 days now for them to respond. You can easily see whether the files are obfuscated with proguard after opening the .apk in debug mode. The classes must have names like ‘a’ and ‘b’. This makes it very complicated to decompile an app.
I just need to know how this requirement is met, before I start to create an app and eventually subscribe to the thunkable service. I hope they are so professional to provide an answer to this.
Be aware, that even if the service you want exists, it doesn’t lull you into a false sense of security.
If someone is determined enough they will be able to hack your app.
If you are planning to make an app that will handle particularly sensitive data eg real names, addresses, social security numbers, bank account or credit card numbers, health information, etc then it may be worth getting professional and impartial advice.
Code obfuscation is a standard practice in Android development and Thunkable should provide this functionality. It is not about sensitive data but about making it hard for a hacker to decompile the app.
It is a bit disappointing that the support team of Thunkable is not answering my chat request for a few days now and that there is no mention about this question in their documentation. Thanks again!
If this should prevent an .apk file from being de- and recompiled / edited then I doubt this is done to Thunkable X apps by default because I was able to decompile and recompile Thunkable X .apk with APK Editor Studio for testing purposes (wanted to get an app running on Android TV).
I also guess, that Thunkable is not obfuscating the code. I will make a simple app and try it out by opening it in the profiling/debug mode in Android Studio. Then I see. After having decompiled the .apk, I then try to add the obfuscation files. Thanks for your answer!
It isn’t possible to prevent any app from being decompiled, even in Android Studio, all code can be decompiled. The discussion here is whether Thunkable use ProGuard to obfuscate the apk. This jumbles up the code and makes it almost unreadable to help stop the code from being copied and to protect sensitive information from being accessed.
I decompiled an app created with Thunkable X and it looks like the code is obfuscated, most of the classes, packages, variable names and methods have randomised names.
With proguard the class names are hidden and the whole structure of the code becomes very hard to read. The classes for example get names like ‘a’ and ‘b’. I was just wondering whether I should use Thunkable for simple apps without doing it natively. Thanks again!
Are you sure that hackers need to look at your code? They can look at the idea, hack the app and make it free, build it with their own key, throw out ads, and so on. For this don’t need to know the class structure to do this. I don’t think you can use Thunkabe X to make an app that can’t be replicated in Android Studio.