我们知道，Android应用程序是用Java编写的。在Java中，无论你做什么，就不可能保护编译code从编译或反向工程，如堆栈溢出问题的 How锁定编译的Java类，以prevent反编译？ 的建议。

As we know, Android apps are written in Java. In Java, no matter what you do, it is impossible to protect compiled code from decompilation or reverse-engineering, as the Stack Overflow question How to lock compiled Java classes to prevent decompilation? suggests.

如何将一去保护一个应用程序，包含算法的商业秘密，从逆向工程？

How would one go about protecting an app that contains algorithmic trade secrets from reverse-engineering?

按如何我的意思是不仅是软件的技术，还包括其他的创意办法。

By "how" I mean not only software techniques, but also other creative approaches.

推荐答案

第一站对我来说将是优化和混淆code用的这是众所周知的ProGuard 与字节code针对Android的的Dalvik虚拟机工作（通过敏捷）。这是一个非常伟大的工具，并能增加'扭转'你code，而萎缩的code的足迹（在某些情况下显着的困难：最近我的小程序就从约600 NBSP; KB下降至约50 NBSP; KB ）。

The first stop for me would be to optimise and obfuscate the code with ProGuard which is known to work with byte code targeted at Android's Dalvik VM (via Dex). It's a really great tool and can increase the difficulty of 'reversing' your code while shrinking your code's footprint (in some cases dramatically: a recent applet of mine went from about 600KB down to about 50KB).

与其他人一样都这么说，你永远不会得到你的算法的详细信息100％的安全，而它的实现被分发到客户端。对于这一点，你需要保持code在您的服务器孤单。尝试为客户$ C $接近100％％的股票C有效地达到 DRM ，可以使您的客户端code脆弱的网络中断的脸，只是一般阻挠（合法）的用户。

Like others are saying, you will never get 100% security of your algorithm's details while its implementation is being distributed to clients. For that, you'd need to keep the code on your servers alone. Attempts to near 100% percent security for client code effectively amount to DRM and can make your client code fragile in the face of network outages and just generally frustrate (legitimate) users.

在Android开发者博客有一定的useful articles对此事防篡改Android应用程序（它们推荐使用的ProGuard作为整体方案的一部分）。

The Android developers blog has some useful articles on the matter of 'tamper resistant' Android apps (and they recommend the use of ProGuard as part of the overall approach).

至于创意方法：一些开发商聘请调试器检测技术来prevent运行时分析，并与二进制code部分的加密结合起来（阻止静态分析），但说实话，一个确定足够的攻击者就可以的规避这些，而这可能会导致如图所示的Windows知识库文章由合法用户受挫的的游戏：错误消息：一个调试器已检测到：卸载调试器，然后再试一次 的。我的女朋友的学车DVD软件在 VirtualBox的将无法运行这个原因，但她指责当然是Linux的！

With regards to 'creative' approaches: some developers employ debugger detection techniques to prevent run-time analysis and combine this with encryption of portions of binary code (to deter static analysis), but to be honest, a determined enough attacker can circumvent these, while it can cause legitimate user frustration as illustrated by the Windows KB article Games: Error Message: A Debugger Has Been Detected: Unload the Debugger and Try Again. My girlfriend's 'Learn to drive' DVD software will not run under VirtualBox for this reason, but she blames Linux of course!

OpenRCE 和的维基百科对混淆code 可能是好的出发点，如果你想看看这另一篇文章。但要注意，你可能会比你会通过商业秘密逆向工程损失失去更多的是通过在热衷使用这些技术挫败你的用户。像Anton小号说，也许是最创意的做法在于调整业务模式，而不是技术。

OpenRCE and Wikipedia's article on obfuscated code may be good starting points if you want to look into this further. But be warned, you may lose more through over zealous use of these techniques frustrating your users than you would through loss of trade secrets by reverse engineering. Like Anton S says, maybe the most 'creative' approach lies with tweaking the business model rather than the technology.

6日最新的Andr​​oid SDK更新 2010年12月（与Android 2.3姜饼版本一致）：

The latest Android SDK update on 6th Dec 2010 (coinciding with Android 2.3 Gingerbread release):

综合ProGuard的支持：ProGuard的，现在打包带的SDK工具。开发人员现在可以混淆他们的code作为一个发布版本的组成部分。的