Request for Stronger Protection of App Links in App inventor Apps

Dear @ewpatton ,

I am a developer using App inventor to build educational apps, and I greatly appreciate the ease and flexibility the platform provides. However, I am facing a serious concern regarding the security of sensitive URLs and API links used in my applications.

Currently, when an app is built, these links can be easily extracted by decompiling the APK. This exposes API keys, server endpoints, and internal resources—making my app and backend services vulnerable to abuse and attacks.

”I want to know how to protect my app links?”

Thank you for your support and continued improvement.

Use the Obfuscated text block.

Store your api keys and endpoints online, with password protection

Use external resources.

How I make it, please tell me details.... And Obfuscated text block are not work.

Yes it does.

Provide example apk where you can find a string that has been obfuscated.

One way:

  • Store your api keys and other strings on a server behind password protection
  • Provide your user with a valid password to enter on app start up (not stored on app)
  • Use this password to return your online data

I note you are also getting responses to the same request on the Niotron and Kodular communities, you seem to indicate that you are developing on all three builders ...

mod edit: Direct apk download removed, not allowed here...

You will need to show screenshots of how you use the obfuscated block in your app, and how you can then find the string that was obfuscated in your apk.

The apk appears to be a Kodular app ???

obfuscated block in your app

Now the next part...

Thread closed
It is a Kodular project
Also has been asked here

and Niotron

for now, to see if the OP responds / updates their findings...