Protect string constant against reverse-engineering

java android security reverse-engineering credentials
D-Fox picture D-Fox · Sep 15, 2011 · Viewed 12.3k times · Source

I have android application that has hard coded (static string constants) credentials (user/pass) for sending emails via SMTP.

The problem is that .dex file in .apk can be easily reverse-engineered and everybody can see my password.

Is there a way how to secure these credentials, while i will still be able to use them in my classes?

Answer

Anuj Jindal picture Anuj Jindal · Jun 27, 2016

We can use "jni module" to keep 'Sensitive Hardcoded Strings' in the app. when we try to reverse engineer APK file we get lib folder and .so files in respective process-folders. which can not decrypt.

Related questions

java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. Android 2.3

In my server (production server), I have a goDaddy ssl certificate. I have both iOS and Android apps connecting with the server, iOS connecting with no problems, android with versions 4.* everything is good, but with devices with 2.3.* I always get …

Read More
Android RSA Keypair Generation - Should I use Standard Java/Bouncy Castle/Spongy Castle/JSch/Other?

I've been looking around for about a week+ to implement a method I have in mind. I have came across (and read) many articles on all of these different methods, but I am still left confused, so I was hoping …

Read More
How to call a method when an Android app is closed or loses focus?

Because an app I'm building will handle rather sensitive data I want to sync the SQLite db with the server every time the user logs in, and remove emty the db every time the app loses focus (because the user …

Read More