Comments (3)
Hello @acrolink !
Sorry for not pinpointing to the conrete solution, but the issue you are tackling can be resolved through the usage of the native code. The idea is to bundle your credentials inside native code that will be bind by JNI. This way you will ensure that strings won't be easily reverse engineered, as soon as they are part of binary files. Though, such approach complicates application code and requires from your side to build code for different platforms.
from android-best-practices.
SO file can also be reversed,whit IDA,it is a simple work.
from android-best-practices.
You should keep in mind that ultimately, any credentials that you distribute are vulnerable to reverse engineering. Proxy tools such as Charles can do this for HTTPS web traffic. So obfuscation in the APK only provides limited benefit.
from android-best-practices.
Related Issues (20)
- Recommend Dependency Injection using Dagger 2
- Recommend sharing your **debug** signing key HOT 1
- Recommend sharing your IDE code formatters HOT 4
- Simplify Gradle recommendations
- Simplify Android Studio recommendation HOT 2
- Add minSdk recommendation new projects HOT 1
- Encourage sensible use of Android Support Annotations
- Add RxJava testing guidance HOT 1
- Revise our recommendations for persistence storage HOT 2
- Add reference to Spice program in summary HOT 2
- Investigate different format for README HOT 3
- Recommend using MVP as application Architecture HOT 1
- Adding an Android logo and Futurice label below it HOT 1
- Colors.xml: use two levels of color definition HOT 4
- Always use Proguard (in debug too!) HOT 2
- Jackson link is dead :)
- Managing dependencies
- Лучшие практики на Андроид
- Can I learn Android Development in Java as a beginner? HOT 2
- Andrpid
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from android-best-practices.