
Apps How to secure my secret key in strings.

I am connecting to SQL Server from the application.
In practice, I want to make the IP number, password, database name, and username confidential.

For example;
IP NO:"195.1....."
Database="master"
username="admin"
password="xyz"

Regards.
 
Is it absolutely essential to store the password? Can you ask the user for it when the app needs to connect to the DB?
You can't store a plain text password either in the code, or the database, as this isn't secure. Sensitive information like a password needs to be encrypted.
 
Hi,
I cannot ask the user.
Because the data is ready and will change.
This information is definitely an app.

Regards,
 
If you want to prevent reverse engineering, or at least make life harder for the hacker, you can calculate the string, not just store it. You can build the string from the symbols. Symbols can be calculated based on some variables. At least code decomposition will not help. Even though it doesn't prevent debugging, it is much better than keeping your string as a constant.
 
If all you are doing is reading data from the database, then you can limit the username provided to read-only rights.

But as far as writing to the database, you would want to set up an HTTPS connection to some sort of web app run through PHP, etc. to update the database.

If each user will have its own login through the database, then using something like a RESTful architecture will help.

Leaving database login information with write permissions can cause a DDoS on the server itself or easily be hacked into by reading data in terms of real-time load.
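
The layout suggested above (a web app between the phone and the database), as an added example that is not code from any poster in this thread: the database connection string stays on the server, and the app holds only a per-user token and calls fixed endpoints. SQLite stands in for SQL Server, and `APP_DB_DSN`, the `products` table, the `/products` endpoint and the token value are constructed for illustration.

```python
import hashlib, hmac, os, sqlite3

def open_db():
    # Server-side only: the connection string lives in the server's environment,
    # never in the APK. SQLite stands in for SQL Server here (assumption).
    db = sqlite3.connect(os.environ.get("APP_DB_DSN", ":memory:"))
    db.execute("CREATE TABLE IF NOT EXISTS products "
               "(id INTEGER PRIMARY KEY, name TEXT, price REAL)")
    db.executemany("INSERT OR REPLACE INTO products VALUES (?, ?, ?)",
                   [(1, "widget", 9.5), (2, "gadget", 24.0)])  # constructed rows
    db.commit()
    db.execute("PRAGMA query_only = ON")  # from here on this connection is read-only
    return db

# Per-user API tokens kept as SHA-256 digests (constructed sample data).
# A leaked token can be revoked for one user; a DB password in the APK cannot.
TOKENS = {hashlib.sha256(b"token-for-alice").hexdigest(): "alice"}

def authenticate(token):
    digest = hashlib.sha256(token.encode()).hexdigest()
    for known, user in TOKENS.items():
        if hmac.compare_digest(known, digest):
            return user
    return None

def handle_request(db, token, path, query):
    """One API call as an HTTPS handler would dispatch it: returns (status, body)."""
    user = authenticate(token or "")
    if user is None:
        return 401, {"error": "invalid token"}
    if path != "/products":  # fixed endpoints only; the app never sends SQL
        return 404, {"error": "unknown endpoint"}
    try:
        max_price = float(query.get("max_price", "1e9"))
    except ValueError:
        return 400, {"error": "max_price must be a number"}
    rows = db.execute("SELECT id, name, price FROM products "
                      "WHERE price <= ? ORDER BY id", (max_price,)).fetchall()
    items = [dict(zip(("id", "name", "price"), r)) for r in rows]
    return 200, {"user": user, "items": items}

if __name__ == "__main__":
    db = open_db()
    print(handle_request(db, "token-for-alice", "/products", {"max_price": "10"}))
    print(handle_request(db, "guessed", "/products", {}))
```

In a deployment, `handle_request` would sit behind an HTTPS endpoint and the database account it uses would itself be granted read-only rights.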
 
If you want to prevent reverse engineering, or at least make life harder for the hacker, you can calculate the string, not just store it. You can build the string from the symbols. Symbols can be calculated based on some variables. At least code decomposition will not help. Even though it doesn't prevent debugging, it is much better than keeping your string as a constant.

You can't prevent reverse engineering of your APK. Any algorithm in the code used to calculate a password can, and will, be exploited.
If it's important to keep sensitive information safe, use an encryption method, based on a secret key.
 