Android App Security

2

I am finishing the first app that I have developed. It handles sensitive data, and any modification or alteration of the data or of its handling can cause great damage to the company's infrastructure.

I'm afraid that apps of the xMod type could end up breaking the functioning of this app.

  

Any advice on how to prevent third parties from decompiling the code or accessing my database on the server?

    
asked by Djya Web 14.09.2017 at 18:37

3 answers

4
  

How can I protect my code from theft?

In an Android application, obfuscated code makes it difficult to recover the code from your .APK through reverse engineering. Obfuscation is especially valuable when your application uses sensitive data within the code, such as license verification.

To obfuscate the code of an Android application, ProGuard is commonly used (although there are other options).


  

Google's dx compiler converts ordinary jar files into files that run on Android devices. By preprocessing the original jar files, ProGuard can significantly reduce the file sizes and boost the run-time performance of the code.

I am adding a tutorial on configuring your Android project with obfuscation:

Using ProGuard to obfuscate an Android application.

It is important to know that unfortunately there is no infallible method to avoid reverse engineering.

    
answered by 15.09.2017 / 16:59
1

Encrypt your information with methods such as SHA-1. As for the process implemented in your APK (the business logic), you can hide it by spreading it across multiple classes, although this is not recommended because many files are generated. When someone reverse engineers it, it would look something like this

This at least makes things more complicated for the person doing the reverse engineering: it becomes harder to identify all the flows of your APK.

    
answered by 14.09.2017 at 20:29
0

Unfortunately, you cannot avoid reverse engineering.
You have to avoid leaving data that can be used by third parties within the application.
If you need to keep such data there, you will have to keep it encrypted and decrypt it once the user is authenticated.
You can identify the device that wants to access the server and block it if it is not authorized or has been deregistered due to theft, for example.
If you use content providers (ContentProviders), set exported = false in the Android manifest; this prevents sharing of data with other applications.
If you use the internal storage, Android only gives your application access to the data.
Android also allows you to encrypt the device's file system. Greetings.
Use ProGuard.

    
answered by 14.09.2017 at 20:24
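
A check for the content-provider advice in the last answer, as an added example that is not part of the original answers: it parses an AndroidManifest.xml and reports which providers are effectively exported and which operations (read or write) no permission protects. The manifest, package and provider names are constructed, and the code assumes the platform default that a provider without an explicit `android:exported` attribute is exported only when the app targets API 16 or lower.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest; package and provider names are hypothetical.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.sensitiveapp">
  <uses-sdk android:minSdkVersion="16" android:targetSdkVersion="26"/>
  <application>
    <provider android:name=".OrdersProvider" android:exported="false"
        android:authorities="com.example.sensitiveapp.orders"/>
    <provider android:name=".LegacyProvider"
        android:authorities="com.example.sensitiveapp.legacy"/>
    <provider android:name=".ReportsProvider" android:exported="true"
        android:authorities="com.example.sensitiveapp.reports"
        android:readPermission="com.example.sensitiveapp.READ_REPORTS"/>
  </application>
</manifest>"""


def audit_providers(manifest_xml):
    """Return one finding per <provider>: export state and unguarded operations."""
    root = ET.fromstring(manifest_xml)
    sdk = root.find("uses-sdk")
    get = (lambda k: sdk.get(ANDROID + k)) if sdk is not None else (lambda k: None)
    # targetSdkVersion falls back to minSdkVersion, which falls back to 1.
    target = int(get("targetSdkVersion") or get("minSdkVersion") or 1)
    default_exported = target < 17  # assumption: exported by default up to API 16
    findings = []
    for p in root.iter("provider"):
        raw = p.get(ANDROID + "exported")
        exported = default_exported if raw is None else raw == "true"
        base = p.get(ANDROID + "permission")  # covers both read and write
        unguarded = [op for op, attr in (("read", "readPermission"),
                                         ("write", "writePermission"))
                     if exported and not (p.get(ANDROID + attr) or base)]
        findings.append({"name": p.get(ANDROID + "name"), "exported": exported,
                         "explicit": raw is not None, "unguarded": unguarded})
    return findings


if __name__ == "__main__":
    for finding in audit_providers(SAMPLE_MANIFEST):
        print(finding)
```

A provider whose `explicit` field is false depends on the SDK-level default, so declaring `android:exported="false"` on it removes that dependency.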