saotome said:
I'm planning on distributing some java apps. I'm a bit preocupied that
some of the users may try to decompile the jars and learn about the
source.
Are you ashamed of your code? Let's face it. Almost 100% of the code of
an typical commercial application is trivial in the sense that there are
no breakthrough algorithms or top-secret information in the code.
Typically is the amount of code and the perseverance shown to put it
together which makes it valuable, not any algorithm. However, it is the
algorithms from which one can learn most. And reverse-engineering and
understanding an algorithm consists of much more than just decompiling
the code.
For the rest, you might consider some of your code a trade secret in the
sense that you think it gives you a competitive advantage. But on closer
inspection this is often also not the case. Further, a competitor who is
really interested in this part of the application could still reveres
engineer the code if it was written in, let's say C. It is just a lot
harder, but not impossible. If the gain is high (your trade secret so
great), someone might be willing to go through a lot of pain anyhow to
get it.
And then there is of course the code which is there to prevent the user
from doing something the user would otherwise be allowed to do. Think
DRM and other restriction technologies. Since the gain in reverse
engineering these is very high (from a user's perspective), they are
often reverse engineered, even if written in other languages than Java
(again, think about the many DRM schema which have been hacked in the
past). Easy decompilation makes the hacking simpler, but difficult
disassembling doesn't prevent the hacking.
If it really worries you, you shouldn't have chosen Java as the language
for your project. Now, as an afterthought it is pretty much to late. The
properties of Java, including the relative ease of decompilation, are
well known for more than a decade. If you need to "do something now,
whatever it is", go with obfuscation as some kind of band-aid. It is
cheap, relatively painless to apply and raises the decompilation bar a
little bit. For future projects you might want to consider this special
Java property first, and probably chose another language.
/Thomas