When you deobfuscate code (here's a video tutorial that might give insight: How to read obfuscated code), you will be able to see all hard-coded values such as

当您对代码进行反混淆处理时（这里有一个视频教程可能会提供一些见解：如何阅读混淆代码），您将能够看到所有硬编码的值，例如

private String key = "Au8aujEWS(jol#9jSd9";

Except they won't be seeing variable names:

除了他们不会看到变量名：

private String a = "Au8aujEWS(jol#9jSd9";

By using tools like Sunny mentioned, you'll be able to get all code to near it's original state.

通过使用Sunny 提到的工具，您将能够使所有代码接近其原始状态。

I'll give an example; If you had the following original code:

我举个例子；如果您有以下原始代码：

public class MainActivity extends Activity { 
    private String key = "Au8aujEWS(jol#9jSd9";

    public void onCreate(Bundle savedInstance) {
        //Some code here
    }
}

public class OtherActivity extends Activity { ... }

After being compiled, and decompiled back into java code, it would look something like this:

编译后，反编译回java代码，它看起来像这样：

public class A extends B {
    private String a = "Au8aujEWS(jol#9jSd9";

    public void a (C b) {
        //Some code here
    }
}
public class D extends B { ... }

and by using educated guesswork and refactoring tools, you'll be able to deobfuscate code, so with enough dedication and hard work people will be able to see all your code.

通过使用有根据的猜测和重构工具，您将能够对代码进行反混淆处理，因此只要有足够的奉献精神和辛勤工作，人们将能够看到您的所有代码。

I strongly recommend to not make your security entirely depending on things coded into the client applications. Of course it depends on how important it is for your situation to not give hackers the possibility to access the information you're trying to secure.

我强烈建议不要让您的安全完全取决于编码到客户端应用程序中的内容。当然，这取决于不让黑客有机会访问您试图保护的信息对您的情况有多重要。

Yes it is possible to decompile an apk .

是的，可以反编译 apk 。

Depending on obfuscation level it might take some time but a dedicated/bent person will eventually decompile it .

根据混淆级别，它可能需要一些时间，但一个专心致志的人最终会反编译它。

You can try tools like

你可以试试像这样的工具

• apktool

• Smali

• Show Java Android App

• 应用工具

• 斯马利

• 显示 Java Android 应用程序

Source : http://geeknizer.com/decompile-reverse-engineer-android-apk/

来源：http: //geeknizer.com/decompile-reverse-engineer-android-apk/

UPDATE 1

更新 1

Here are 2 more options for you:

这里还有 2 个选项供您选择：

• decompileandroid.com

• javadecompilers.com/apk

• 反编译android.com

• javadecompilers.com/apk

suggested by @AndrewRukin

由@ AndrewRukin建议

UPDATE 2

更新 2

Another tool : jadx

另一个工具：jadx

Yes, Android APKs can easily be decompiled. The public variables, constants and their values can be seen when decompiled even if the code is obfuscated.

是的，Android APK 很容易被反编译。即使代码被混淆，在反编译时也可以看到公共变量、常量及其值。

When you obfuscate a code, your variable names are renamed. The value of your variables remains the same. Obfuscation is different from encryption. As such, your code is not encrypted when you obfuscate your code.

当您混淆代码时，您的变量名称将被重命名。变量的值保持不变。混淆不同于加密。因此，当您混淆代码时，您的代码不会被加密。

An example of a normal code:

一个普通代码的例子：

String str = "This is a string.";

An example of an obfuscated code:

混淆代码示例：

String a = "This is a string.";

As you can see above, The variable name was renamed from "str" to "a", but its value remains the same. Obfuscation works by renaming the variable names to short non-logical names making the file size smaller and making the code harder to understand.

如上所示，变量名从“str”重命名为“a”，但其值保持不变。混淆的工作原理是将变量名称重命名为较短的非逻辑名称，从而减小文件大小并使代码更难理解。

What I do is I obfuscate my whole code and then encrypt my key and decrypt it somewhere in my program. Although I understand that a determined and patient hacker can still crack my key, it will make things harder to him.

我所做的是混淆我的整个代码，然后加密我的密钥并在我的程序中的某个地方解密它。虽然我知道一个坚定而有耐心的黑客仍然可以破解我的密钥，但这会让他更难。

Yes, it is possible, but it's not so simple - someone truly must have a strong reason to do it.

是的，这是可能的，但它不是那么简单 - 确实有人必须有充分的理由这样做。

Depending on how much security do you need, you can either construct your key at the runtime instead of saving it into final String, download it from the Internet (but this way must be secured even better, may be not worth it) or let some other external server do the work instead of your app - especially if you are talking about payments and storing your public key - in that case the key won't be even embedded into your app.

根据您需要多少安全性，您可以在运行时构建您的密钥而不是将其保存到最终字符串中，从 Internet 下载它（但这种方式必须得到更好的保护，可能不值得）或让一些其他外部服务器代替您的应用程序完成工作 - 特别是如果您正在谈论付款和存储您的公钥 - 在这种情况下，密钥甚至不会嵌入到您的应用程序中。

Also, remember to make the hacker's life harder by using mentioned obfuscation tools like ProGuard: http://developer.android.com/tools/help/proguard.html.

另外，请记住使用提到的混淆工具（如 ProGuard：http: //developer.android.com/tools/help/proguard.html）使黑客的生活更加艰难。