Reputation: 12444
We are trying to protect some private data in our app by encrypting it before publishing the app; then at runtime the app reads a "private key" to decrypt the data.
The question is: we are planning to use "Our KeyStore Hashkey" as the private key, so at runtime the app generates the hashkey and uses it to decrypt the private data. Is this way safe or not?
Upvotes: 0
Views: 157
Reputation: 12636
Nope - this way is not safe (like all others, to be clear). The basic problem with data encryption is that if you want to have some data in the application, you have to deliver it by download or by attaching it to the application package. Even if you encrypt it, you must also attach all the data needed to decode the encrypted data, as well as the full code (method) to do that task. So you can only wonder how to make the whole procedure messier and harder to decompile, but there is no way to make it safe. When considering application security, you have to consider the application code and data as freely readable by everyone else.
Upvotes: 2
Reputation: 39807
No, doing anything that allows your app to fetch this private key is not going to be safe. Android applications specifically are too easy to decompile and reverse engineer, and worse, modify and run modified versions of them.
If your data is so important that you cannot give your user a password to use to fetch it, then you need to not show that data to your user in any fashion.
Upvotes: 1
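An added example (not code from anyone in this thread) of the point both answers make: a key derived from the signing-certificate hash can be recomputed from the published package alone, while a key derived from a user password cannot. All names and sample values are constructed for illustration, and the HMAC keystream is a stand-in for a real cipher such as AES-GCM.

```python
import hashlib
import hmac
import os

# Constructed sample inputs (not from any real app).
CERT_DER = b"constructed-signing-certificate-bytes"  # ships inside every copy of the package
SECRET = b"api_token=constructed-example-value"

def xor_cipher(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (HMAC-SHA256 keystream); a real app would use AES-GCM."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, nonce + off.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def key_from_cert(cert_der: bytes) -> bytes:
    # Scheme from the question: the key is a hash of the signing certificate.
    return hashlib.sha256(cert_der).digest()

def key_from_password(password: str, salt: bytes) -> bytes:
    # Contrast: the key depends on a secret that is never shipped.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def build_package(password: str = "") -> dict:
    """Everything returned here is published with the app."""
    salt, nonce = os.urandom(16), os.urandom(12)
    key = key_from_password(password, salt) if password else key_from_cert(CERT_DER)
    return {"cert": CERT_DER, "salt": salt, "nonce": nonce,
            "blob": xor_cipher(key, nonce, SECRET)}

def open_with_package_only(pkg: dict) -> bytes:
    """Decrypt using nothing but the package contents."""
    return xor_cipher(key_from_cert(pkg["cert"]), pkg["nonce"], pkg["blob"])

def open_with_password(pkg: dict, password: str) -> bytes:
    """Decrypt with the package plus a password supplied at runtime."""
    key = key_from_password(password, pkg["salt"])
    return xor_cipher(key, pkg["nonce"], pkg["blob"])

if __name__ == "__main__":
    weak = build_package()
    print("cert-hash key, package only:", open_with_package_only(weak) == SECRET)
    strong = build_package("constructed passphrase")
    print("password key, package only: ", open_with_package_only(strong) == SECRET)
    print("password key, with password:",
          open_with_password(strong, "constructed passphrase") == SECRET)
```

A password-derived key only moves the secret out of the package; a user who knows the password can still read the data, which is the limit the second answer describes.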