How to secure the apis and relevant data from displaying in android monitor?

Question

I am working on an application which is already uploaded on app store. When I download the apk from the app store, install and run it on my device, and open Android studio alongside (any random project), the Android monitor shows all the apis links and details from where I am fetching data.

For example,

if the user selects city = Lahore after login, it shows

"http://example.com/api/app_home?select_city=lahore&user_id=123....."

in the android monitor. Similarly for all other apis. You can even see the response which is returning after hitting a particular api.

How to avoid this? I guess this is not decompilation of apk. I am just running app on my device while connecting to Android studio and it is showing everything. Any help would be appreciated. I have already search for links but most of them showing how to avoid decompilation whereas I need to hide all these links and data at least.

Answer 1

1. Use ProGuard.

2. Add this to your proguard config:

   -assumenosideeffects class android.util.Log {
   
     public static boolean isLoggable(java.lang.String, int);
     public static int v(...);
     public static int i(...);
     public static int d(...);
     public static int e(...); 
   
   }
   

It will remove all the log lines from your code, it does not log anything on live builds then, and your code is slightly smaller and because of that faster.

The URL's you call might also be logged by OkHttp, if so then you need to disable the logging for that. Do a google search on it.

Answer 2

We can use proguard to disable logs but some times It didn't worked. I am using this library. It is very nice.