How to Reverse Engineer an APK file to get the actual source code

You can use dex2jar to convert an APK into a JAR file, then open it using JD-GUI.

Basic Usage
  1. Download dex2jar from http://code.google.com/p/dex2jar/downloads/list
  2. Extract dex2jar-version.zip to a folder, for example /home/panxiaobo/ or C:\
       unzip -x dex2jar-version.zip -d /home/panxiaobo
  3. Use dex2jar to generate a .jar file. dex2jar will generate a file named someApk_dex2jar.jar in the same folder as someApk.apk.
       Linux:   sh /home/panxiaobo/dex2jar-version/dex2jar.sh /home/panxiaobo/someApk.apk
       Windows: C:\dex2jar-version\dex2jar.bat someApk.apk
  4. Use a decompiler to view the source.

Whoops, this is so bad! Does it work for any APK?

Yes, correct! It's not a problem with Android, baby! It's the nature of Java itself. So we can blame Java for this. =)

What's the solution to prevent my APKs from getting hacked?

Obfuscation is the solution. That simply means confusing the hacker who tries to read the code, or at least making the application logic harder to understand.

ProGuard is the tool for Android. It will do that scrambling for us. =)
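To confirm that a release build really was scrambled, you can run the dex2jar step on your own APK and inspect the class names in the resulting JAR. The following is an added example, not code from the original post or from ProGuard: the short-name heuristic, the 0.5 threshold, the function names and the com/example/app sample entries are all assumptions made for illustration.

```python
import io
import re
import zipfile

# Heuristic (an assumption of this example): ProGuard's default renaming yields
# short lowercase names such as a, b, ab; anything longer counts as readable.
SHORT_NAME = re.compile(r"^[a-z]{1,2}$")

def obfuscation_report(jar_bytes):
    """Sort the top-level classes of a JAR into renamed and readable names."""
    renamed, readable = [], []
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for entry in sorted(jar.namelist()):
            simple = entry.rsplit("/", 1)[-1]
            if not simple.endswith(".class") or "$" in simple:
                continue  # skip resources; inner classes follow their outer class
            name = simple[: -len(".class")]
            (renamed if SHORT_NAME.match(name) else readable).append(entry)
    total = len(renamed) + len(readable)
    return {"renamed": renamed, "readable": readable,
            "ratio": len(renamed) / total if total else 0.0}

def looks_obfuscated(jar_bytes, threshold=0.5):
    """True when more than `threshold` of the classes carry renamed names."""
    return obfuscation_report(jar_bytes)["ratio"] > threshold

def make_sample_jar(entries):
    """Build a constructed in-memory JAR; only the entry names matter here."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for name in entries:
            jar.writestr(name, b"")
    return buf.getvalue()

# Constructed sample data: a build without ProGuard and one with it.
PLAIN = make_sample_jar([
    "com/example/app/MainActivity.class",
    "com/example/app/LicenseChecker.class",
    "com/example/app/LicenseChecker$1.class",
    "META-INF/MANIFEST.MF"])
SCRAMBLED = make_sample_jar([
    "com/example/app/MainActivity.class",  # kept: referenced by name
    "com/example/app/a.class",
    "com/example/app/a$1.class",
    "com/example/app/b.class",
    "META-INF/MANIFEST.MF"])

if __name__ == "__main__":
    print(looks_obfuscated(PLAIN), looks_obfuscated(SCRAMBLED))
```

For a real build, pass the bytes of someApk_dex2jar.jar to obfuscation_report and read the "readable" list: names such as LicenseChecker showing up there mean that class went out unscrambled.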

Learn more about how to protect code from hackers!

Google I/O 2011: Evading Pirates and Stopping Vampires

Securing Android LVL Applications - Licensing with Google APIs