Reputation: 1
I'm doing some simple encryption on the values of shared preferences to hide my data structure from users. I made an AES key and saved it in my class file with other code as plain text. How hard is it for a user to find my key with a decompiler? Should I save it to string.xml? Is there any rule I should add to Gradle to make it more secure? I want to make it secure while keeping it as simple as possible.
Upvotes: 0
Views: 156
Reputation: 9993
Try Facebook Conceal; you can find further documentation and download here.
Upvotes: 0
Reputation: 14435
It's not secure. An APK file can be decompiled and all resource files can be read; Strings kept in source files can also be read pretty easily. You might use DexGuard and let it encrypt your key in the source file, but I would rather set up a web service that retrieves the key once it's running on a device. You can add more security to it, like a login for example. That way, it's only possible to get the key if you have access to a device with the app installed and logged in.
Upvotes: 2
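
The point in the answer above, that strings kept in source files can be read easily, can be checked against your own build output before release. This is an added example, not part of the original thread: a heuristic scan of a compiled file's bytes for literals that decode to AES-sized, high-entropy values. The function names, the entropy threshold and the sample blob are assumptions constructed for illustration.

```python
import base64
import binascii
import math
import re

AES_KEY_SIZES = {16, 24, 32}  # AES-128/192/256 key lengths in bytes
# Runs of characters that could be hex or base64 text (assumed length bounds)
CANDIDATE = re.compile(rb"[A-Za-z0-9+/=_-]{22,64}")

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; random key material scores high."""
    counts = {b: data.count(b) for b in set(data)}
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts.values())

def decode_candidate(text: bytes):
    """Return raw bytes if text is hex or base64 for an AES-sized value."""
    try:
        raw = bytes.fromhex(text.decode("ascii"))
        if len(raw) in AES_KEY_SIZES:
            return raw
    except ValueError:
        pass
    try:
        raw = base64.b64decode(text, validate=True)
        if len(raw) in AES_KEY_SIZES:
            return raw
    except (binascii.Error, ValueError):
        pass
    return None

def find_embedded_keys(blob: bytes, min_entropy: float = 3.5):
    """List (offset, literal) for strings that decode to likely key bytes."""
    hits = []
    for m in CANDIDATE.finditer(blob):
        raw = decode_candidate(m.group())
        if raw is not None and shannon_entropy(raw) >= min_entropy:
            hits.append((m.start(), m.group().decode("ascii")))
    return hits

# Constructed sample: bytes laid out like a compiled class's string pool
SAMPLE_KEY_HEX = b"3f9a1c7be2d4508866fa0b9d17c3e5a2"  # made-up key literal
SAMPLE_BLOB = b"\x00".join([b"com/example/app/PrefsCrypto",
                            b"AES/CBC/PKCS5Padding", SAMPLE_KEY_HEX,
                            b"user_settings"])

if __name__ == "__main__":
    for offset, literal in find_embedded_keys(SAMPLE_BLOB):
        print(f"possible hardcoded key at offset {offset}: {literal}")
```

The scan is a heuristic: a long identifier can happen to decode to 24 bytes and be flagged, so treat hits as items to review rather than confirmed keys.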