Can a debug-apk be reverse engineered to make it a release-apk?

Question

I am making a system in which the users can create Android applications. I want them to give an option to download a debug apk so that they can try it out first. After that, they have to pay for it to get the apk in release mode, so that it can be distributed in the Google Play Store.

I of course don't want them to be able to reverse-engineer the debug apk so that they can extract the needed files from it and then sign it themselves. Hence my question:

Is it possible to reverse engineer a debug apk to extract the classes and everything needed to build it in release mode?

If so, would there be any way to secure the debug versions so that it isn't possible anymore?

score 7 · Accepted Answer · answered Jun 10 '13 at 19:02

7

The difference between a debug apk and a release apk is that a debug apk is signed by a particular key which is provided with the SDK, whereas a release apk is signed by some other key. There's nothing to reverse engineer: all you have to do to make a release apk and sign it.

Nobody but you can create an apk signed by you. But anyone can make their own release apk by signing them.

A solution in your case would be to produce a binary including some DRM and refuse to run except on your customer's pre-registered device. How to implement such DRM, especially while letting your customer debug his applications, is left as an exercise to the reader.

answered Jun 10 '13 at 19:02

Gilles 'SO- stop being evil'

1,358
13
23

1

Of course, we all know how reliable client side DRM is. – Antimony Jun 11 '13 at 14:36
@Antimony I didn't say it was an easy (or indeed solvable) exercise. – Gilles 'SO- stop being evil' Jun 11 '13 at 14:47
@Antimony: I don't understand the solution.can you please explain it? – Mehul Joisar Jan 24 '14 at 05:32

Can a debug-apk be reverse engineered to make it a release-apk?

1 Answers1