Dilip Kumar
Reputation: 51
Protect the hardcoded values (api key) in Java code of Android
I have hardcoded string (APIkey) in my Java code (APK) but it can be easily decompiled by many tools. I know I can protect by encryption. But what if the hacker decompile my Java and find out the encryption and decryption code? Is there any better way to do that?
Upvotes: 2
Views: 1182
Answers (1)
Damanpreet Singh
Reputation: 726
You should add your keys in build.gradle file. These files are not included in your apk. Infact these are just used to sign your application and create a release build.
signingConfigs {
release {
storeFile file("../myapp.jks")
storePassword "mypassword"
keyAlias "My_App"
keyPassword "mykeypassword"
}
debug {
storeFile file('../debug.keystore')
storePassword 'android'
keyAlias 'androiddebugkey'
keyPassword 'android'
}
}
buildTypes {
release {
minifyEnabled false
debuggable false
proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
signingConfig signingConfigs.release
}
debug{
debuggable true
minifyEnabled false
signingConfig signingConfigs.debug
}
}
Upvotes: 1
Related Questions
- How can you get the build/version number of your Android application?
- How can I close/hide the Android soft keyboard programmatically?
- How to avoid reverse engineering of an APK file
- Is there a way to get the source code from an APK file?
- Why is the Android emulator so slow? How can we speed up the Android emulator?
- What is the difference between gravity and layout_gravity in Android?
- Dilemma: when to use Fragments vs Activities:
- Strange OutOfMemory issue while loading an image to a Bitmap object
- Android error: Failed to install *.apk on device *: timeout