Quallcomm AR apk security??

I've played around with the Quallcomm extension for Unity with some nice results but I'm slightly concerned about how secure the published apk is. Does anyone have any experience or reference they can point me at confirming security measures. I guess this might not be a Quallcomm related question at all, if all Unity built apk files are very secure. Your thoughts please.

 

Maybe you better define what kind of security you're looking for.

Basically it's very easy to unpack APK files (they are zip files after all). There are also tools which can turn on the XML files from binary format to text format as well as all resources.

Also the DEX Code (When you compile an Android App, the Java files get turned into java byte code (*.class files) and this bytecode gets turned into Dalvik Code (DEX, *.dex files) which are specially optimized) into smali code.

This smali code is similar to assembler and it's possible to read it and recreate it. It's also possible to change the smali code and have the tool to compile it back into dex.

So from that point, it's not very security. You can obfuscate your code to make it bit harder (i.e. hide class and method names), but it's still possible with enough effort to decompile it.

So well, you shouldn't store anything related to security in the APKs code and instead let the server do any security related stuff.

edit:

That's the link to Android APK tool.

http://code.google.com/p/android-apktool/

In order to decompile an APK file, just type

And you will get a subfolder with the same which contains smali code and the resources from the APK