How to store sensitive data into Java code for Android development

0 votes
Latest question by user: (160 points)

I am willing to use the Java email API for my Android app. I got it from this link. But as mentioned here in the link, to use this API, I need to give my own email ID and password in GmailSender as plain text. For this reason I am tense about my password. If anyone decompiles the APK file, then he can easily get my email ID and password. But I don't know how to store these sensitive data into my code safely. How can I do this?

Note: I am not willing to use any third-party library to encrypt these data.

Posted by user: (100 points)
Why can't you use an SMTP server and send emails from an anonymous account?

2 answers

0 votes
Latest answer by user: (140 points)

It is nearly impossible to completely protect your app from reverse engineering, especially without any third-party library.

BUT instead you can create another e-mail, with a different password, and configure it to resend any email received to your official e-mail.

This way, if anyone actually manages to reverse the code and get the password, they will only have access to this secondary and unimportant e-mail account. This should solve the problem.

More info about actually protecting the code here:

How to avoid reverse engineering of an APK file?

How to make apk Secure. Protecting from Decompile

Posted by user: (160 points)
Your idea is not bad. But if I have to use any library for protecting these data, then which is best, and can you give me an example with that?
Posted by user: (140 points)
I edited the reply with a link that might help.
Posted by user: (160 points)
But none of them have any perfect answer. Everybody is suggesting. Nobody is answering.
Posted by user: (140 points)
I wish I could help you more, but the thing is, it seems that this subject is not trivial. Truly protecting an app requires a lot of deep understanding of the matter, which I do not own.
0 votes
Latest answer by user: (140 points)

You should obfuscate your password string before keeping it in your source code. You can:

  • Do it manually. It can take time.
  • Or use some automatic tools. If you don't want to use any third-party library to encrypt these data, Bg+ Anti Decompiler/Obfuscator is a good choice for you. It works on Java source code (not Java byte-code), so you will control everything.
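
A sketch of the manual option from this answer, as an added example that is not part of the original post or of any tool it names: the password is kept in the source as XOR-masked bytes and decoded only at the point of use. The class name, mask and sample password are constructed for illustration. Because the mask and the decoding routine ship in the same APK, this only keeps the literal out of a plain string search of the decompiled code, which is why the throwaway-account advice in the first answer still applies.

```java
import java.nio.charset.StandardCharsets;

public class ObfuscatedSecret {
    // Constructed mask for illustration; it is compiled into the app next to the data.
    private static final byte[] MASK = {0x5A, 0x13, 0x7C, 0x21, 0x6E, 0x04, 0x39};

    /** XOR is its own inverse, so the same routine masks and unmasks. */
    static byte[] xor(byte[] data, byte[] mask) {
        byte[] out = new byte[data.length];
        for (int i = 0; i < data.length; i++) {
            out[i] = (byte) (data[i] ^ mask[i % mask.length]);
        }
        return out;
    }

    /** Developer-side helper: prints masked bytes as a Java array initializer. */
    static String toJavaLiteral(byte[] masked) {
        StringBuilder sb = new StringBuilder("{");
        for (int i = 0; i < masked.length; i++) {
            if (i > 0) {
                sb.append(", ");
            }
            sb.append(masked[i]);
        }
        return sb.append("}").toString();
    }

    /** App-side helper: rebuilds the password just before it is handed to the mail code. */
    static String reveal(byte[] masked) {
        return new String(xor(masked, MASK), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        // Step 1 (run once, off-device): mask the constructed sample password
        // and paste the printed array into the app source instead of the string.
        byte[] masked = xor("example-app-password".getBytes(StandardCharsets.UTF_8), MASK);
        System.out.println("static final byte[] ENC = " + toJavaLiteral(masked) + ";");

        // Step 2 (in the app): decode only where the value is needed.
        String password = reveal(masked);
        System.out.println("round trip ok: " + password.equals("example-app-password"));
    }
}
```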