Boost android app is not obfuscated which lead to view the source code of the app.
Attackers can steal code and reuse it or sell it to create new application or create a malicious fake application based on the initial one.
First, I did the basic reverse engineering like unzip the apk file by changing the file extension from .apk to .zip.
once I have unzipped the apk i have noticed that it had two classes.dex file.i planned to make the .dex file into .jar file to view the source code.
For changing the .dex file into .jar file i used dex2jar tool in macos terminal. In terminal i used the following command :
MacBook-Pro:dex2jar-0.0.9.15 dinesh$ sh d2j-dex2jar.sh classes.dex dex2jar classes2.dex -> classes-dex2jar.jar MacBook-Pro:dex2jar-0.0.9.15 dinesh$
Once it done the converting,i got the .jar file. To view the jar file i used the jd-gui tool.
Open the .jar file with the jd-gui tool. Now you can view the java files. thats all..
I did the same process from step 3 to step 5 for second .dex file also.
Obfuscate Java source code with tools like Proguard or Dexguard in your application.