Reputation: 2365
How to keep third party 'Keys' secure in Android app
The next Android app I am creating uses third party APIs for: 1. Google API for geolocation. 2. Google APIs for Translation and 3. Zopim APIs for support chat. Now almost all such service providers uses 'KEY' to uniquely identify who is requesting data. To implement these services I need to use the unique KEY they give me while I sign up.
Now the KEY is nothing but a String. What concerns me is, it is very easy to decompile APKs to source code. In that case, is it possible that somebody can use my app's APK to read the KEY and misuse it?
If yes, what is the solution to it? There are many apps out there that uses such KEYS from service providers. What do they do?
Upvotes: 0
Views: 150
Answers (1)
Reputation: 563
You can save those keys encrypted in your app server and send them securely via SSL on log in
Upvotes: 1
Related Questions
- How to efficiently count the number of keys/properties of an object in JavaScript
- How can you get the build/version number of your Android application?
- How can I close/hide the Android soft keyboard programmatically?
- How to stop EditText from gaining focus when an activity starts in Android?
- How to avoid reverse engineering of an APK file
- How do I pass data between Activities in Android application?
- Why is the Android emulator so slow? How can we speed up the Android emulator?
- How do I "select Android SDK" in Android Studio?
- How to get screen dimensions as pixels in Android
- How to lazy load images in ListView in Android