I am a developer using App inventor to build educational apps, and I greatly appreciate the ease and flexibility the platform provides. However, I am facing a serious concern regarding the security of sensitive URLs and API links used in my applications.
Currently, when an app is built, these links can be easily extracted by decompiling the APK. This exposes API keys, server endpoints, and internal resources—making my app and backend services vulnerable to abuse and attacks.
”I want to know how to protect my app links?”
Thank you for your support and continued improvement.
Provide example apk where you can find a string that has been obfuscated.
One way:
Store your api keys and other strings on a server behind password protection
Provide your user with a valid password to enter on app start up (not stored on app)
Use this password to return your online data
I note you are also getting responses to the same request on the Niotron and Kodular communities, you seem to indicate that you are developing on all three builders ...
You will need to show screenshots of how you use the obfuscated block in your app, and how you can then find the string that was obfuscated in your apk.