I have hardcoded string (APIkey) in my Java code (APK) but it can be easily decompiled by many tools. I know I can protect by encryption. But what if the hacker decompile my Java and find out the encryption and decryption code? Is there any better way to do that?
-
My be this question will help you stackoverflow.com/questions/30359439/…Sandeep– Sandeep2016-02-13 09:43:01 +00:00Commented Feb 13, 2016 at 9:43
Add a comment
|
1 Answer
You should add your keys in build.gradle file. These files are not included in your apk. Infact these are just used to sign your application and create a release build.
signingConfigs {
release {
storeFile file("../myapp.jks")
storePassword "mypassword"
keyAlias "My_App"
keyPassword "mykeypassword"
}
debug {
storeFile file('../debug.keystore')
storePassword 'android'
keyAlias 'androiddebugkey'
keyPassword 'android'
}
}
buildTypes {
release {
minifyEnabled false
debuggable false
proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
signingConfig signingConfigs.release
}
debug{
debuggable true
minifyEnabled false
signingConfig signingConfigs.debug
}
}
2 Comments
Dilip Kumar
Hi thanks for the reply. I think this should work but what if he debug the app and find out the data ?
Damanpreet Singh
There is no way to get key and keypassword while debugging. The key and certificate are encrypted and stored in /data/misc/keystore. However, since they have been stored by the system, you don't have the permission to access or decrypt them. Additionally, there is no public API for this. If it helps please upvote and accept the answer :)