Reputation: 312
I am placing my secretkey in strings.xml. I checked by reverse engineering with apktool and got my strings.xml file as R$string.smali. When I checked in that file to see whether the key is visible or not, I found my key string as:
# static fields
.field public static final secretkey:I = 0x7f0a0035
Is there any possibility of fetching the key from this ID, or is there any other process to fetch my secretkey from the strings.xml file?
Upvotes: 2
Views: 3767
Reputation: 1709
Try constructing the key at runtime. Bit manipulation / shuffling the key can be one way of doing this.
Have a customized encryption and decrypt the key at runtime.
If you can afford it, you can get the key from a server.
Upvotes: 0
Reputation: 3350
You should not store a secret key in strings.xml.
More secure options are: SharedPreferences or internal storage with mode write locally. In most cases I suggest generating the key on the phone, so every phone will have their unique key.
But remember there is no absolute security; a rooted phone user can do anything with his phone.
Upvotes: 1
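Why strings.xml is not a safe place, as an added example that is not part of the original posts: the integer in R$string.smali is only an index, and apktool also decodes res/values/public.xml (ID to name) and res/values/strings.xml (name to plaintext value), so a pre-release check can resolve the field and flag it. The XML contents, the key value and the name pattern below are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed stand-ins for the files apktool writes to res/values/.
PUBLIC_XML = """<resources>
    <public type="string" name="app_name" id="0x7f0a0034" />
    <public type="string" name="secretkey" id="0x7f0a0035" />
</resources>"""

STRINGS_XML = """<resources>
    <string name="app_name">Demo</string>
    <string name="secretkey">CONSTRUCTED-PLACEHOLDER-KEY-0000</string>
</resources>"""

# The field from the question.
SMALI = ".field public static final secretkey:I = 0x7f0a0035"

# Assumed naming heuristic for resources that should never ship in an APK.
SUSPICIOUS = re.compile(r"secret|passw|token|api_?key|private", re.IGNORECASE)


def resolve_field(smali_line, public_xml, strings_xml):
    """Map an R$string.smali field to the plaintext value shipped in the APK."""
    m = re.search(r"final (\w+):I = (0x[0-9a-fA-F]+)", smali_line)
    if not m:
        raise ValueError("not a resource id field")
    res_id = int(m.group(2), 16)
    # public.xml: resource id -> resource name
    names = {int(p.get("id"), 16): p.get("name")
             for p in ET.fromstring(public_xml).iter("public")
             if p.get("type") == "string"}
    # strings.xml: resource name -> plaintext value
    values = {s.get("name"): (s.text or "")
              for s in ET.fromstring(strings_xml).iter("string")}
    name = names.get(res_id)
    return name, values.get(name)


def audit_strings(strings_xml):
    """Return names of string resources that look like embedded secrets."""
    return [s.get("name") for s in ET.fromstring(strings_xml).iter("string")
            if SUSPICIOUS.search(s.get("name", ""))]


if __name__ == "__main__":
    print(resolve_field(SMALI, PUBLIC_XML, STRINGS_XML))
    print(audit_strings(STRINGS_XML))
```

Running `audit_strings` over the decoded strings.xml of a release build in CI catches a key before it ships.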