Android: Are Java code and strings in it (like Javascript commands for a WebView) visible to others from the apk file or after installation?

Question

My app injects a large amount of Javascript lines in a WebView and this code is written as strings in the Java file. I fear someone can read this code because my app is not intended to be open-source. I fear about Java code too. Is it possible? Is Proguard useful? Note: I do not want to protect super-secret algorithms, I just want to avoid someone grabs my code, throws it in Eclipse and get his/her version of my app. I mean Java and Javascript: I just want my human-readable code in both languages is not available to those people who want to publish a similar app without effort and by studying my ideas in the source code.

Answer 1

Somebody who decompiles your APK can see those strings. If the data exists on the user's device, people can get at it, with varying degrees of difficulty. Also, note that this is not significantly different from any Web site ever created, as the entire HTML, CSS, and JavaScript that is delivered to the browser can be read.

You are welcome to invest in DexGuard to try to make it challenging for somebody to retrieve that JavaScript. Whether that is worth the time and expense is up to you to determine.