Android Question How to hide IP address from my apk?

incendio

Well-Known Member
Licensed User
Longtime User
Hi guys,

I tried virustotal.com to scan my apk. This apk is a jRDC application.

After the scan finished, under the Behaviour tab, in the IP Traffic section, there is a list of IP addresses that my apk used.

These IP addresses were not encrypted. Is there a way to hide/encrypt these IP addresses?
 

JohnC

Expert
Licensed User
Longtime User
If the scanner detected the IP addresses as plain text in your apk, then you should be able to use simple text encryption to convert the plain text IP addresses into encrypted characters instead of numeric IP strings.

But, if the scanner got those IP addresses by actually monitoring the live connections your app made to somewhere on the internet, then there is nothing you can do about that.
 

incendio

Thanks for your reply, will try to encrypt the IP in my app and try to submit it again to virustotal.
 

JohnC

You may also need to protect those endpoints with a password or API key and then make a connection to them using something like SSL to prevent man-in-the-middle snooping of the password or API key.
 

incendio

> You may also need to protect those endpoints with a password or API key and then make a connection to them using something like SSL to prevent man-in-the-middle snooping of the password or API key.

Care to tell me how to protect the endpoint with a password?
 

JohnC

If one of the endpoints is a web service, you can add a password parameter to it.

But if the endpoint is only the jRDC, then this thread might help:

 

Erel

B4X founder
Staff member
Licensed User
Longtime User
> These IP addresses were not encrypted. Is there a way to hide/encrypt these IP addresses?

Yes*

* - obfuscated

 

incendio

> Yes*
>
> * - obfuscated

I have already done that; this is the code in the Main Activity:
B4X:
Sub Process_Globals
    Public ConnSvr as String = "http:xxx.xxx.xxx.xxx:1000/rdc"
End Sub

But the IP address is still visible.
Am I doing something wrong here?

I only submitted my apk (online) to virustotal.com; I did not run the app and let them scan it while the apk runs.
 

incendio

> Have you compiled in obfuscated mode? The IP address will not appear as a string. You can see it in the generated Java code.

Yes, it is in obfuscated mode.

Here is the screenshot of the result after the scan:
 

Attachment: ss.png

incendio

Well-Known Member
Licensed User
Longtime User
I used the search function in B4A; that link was not found elsewhere. It was only in the Process Global Sub.
 

incendio

> <project folder>\Objects\src

Not found.

I deleted all comments that contain the IP address, compiled again and submitted again to virustotal.com, and it worked. No IP visible after the scan.

Made some changes, compiled and submitted again; after the scan, the IP was detected again.
Really confused.
 
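
JohnC's first reply separates addresses stored as plain text in the apk from addresses seen on live connections. The following is an added example, not code from the thread or from B4X: a local check for the first case that lists which entries of an apk hold a literal IPv4 address, as UTF-8 or UTF-16LE text, so each build can be checked before it is submitted. The sample archive, its entry contents and the documentation-range addresses are constructed.

```python
import io
import re
import zipfile

# IPv4 literal with optional :port, matched on bytes. Dotted version
# strings such as 1.2.3.4 also match, so review each hit by hand.
_OCTET = rb"(?:25[0-5]|2[0-4]\d|1?\d?\d)"
IPV4 = re.compile(
    rb"(?<![\d.])" + _OCTET + rb"(?:\." + _OCTET + rb"){3}(?::\d{1,5})?(?![\d.])"
)


def _views(data):
    """Yield (encoding, ascii_bytes) views of one archive entry."""
    yield "utf-8", data  # DEX string data is ASCII-compatible for IP literals
    for offset in (0, 1):  # UTF-16LE text may start on an odd byte
        text = data[offset:].decode("utf-16-le", errors="replace")
        yield "utf-16le", text.encode("ascii", errors="replace")


def scan_apk(apk):
    """Return sorted (entry, encoding, endpoint) for each IPv4 literal found."""
    hits = set()
    with zipfile.ZipFile(apk) as zf:
        for info in zf.infolist():
            data = zf.read(info)
            for encoding, view in _views(data):
                for match in IPV4.finditer(view):
                    hits.add((info.filename, encoding, match.group().decode()))
    return sorted(hits)


def build_sample_apk():
    """Constructed stand-in for an apk: a ZIP with three made-up entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("classes.dex", b"dex\n035\x00\x1dhttp://203.0.113.10:1000/rdc\x00")
        zf.writestr("resources.arsc", b"\x02\x00" + "198.51.100.7".encode("utf-16-le"))
        zf.writestr("assets/notes.txt", b"build 2024, no endpoints here")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for entry, encoding, endpoint in scan_apk(build_sample_apk()):
        print(f"{entry}: {endpoint} ({encoding})")
```

`scan_apk` also accepts a path, so it can be pointed at the compiled apk from each build to see which entry, if any, carries the address.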