First, I hope you're not actually talking about FTP. FTP is not
secure, no matter WHAT you do. SFTP -- FTP over SSH -- on the other
hand, can be done securely.

This is one of the use cases for using certificates. Rather than a
username/password in the code, you embed an X.509 certificate, which
you use to authenticate for initial setup.

When you connect the first time, you supply the device ID, and get a
new, per-device certificate. This is what you actually use to
communicate with the servers. (The device generates a private key,
produces a certificate request with it, and the server returns a
signed certificate, signed by the server's private key).

Ideally, you'd use the Android AccountManager to store this
certificate.

If a phone is lost or stolen, you can cut off its access by revoking
that certificate.

You use a new certificate with each release, so your exposure to the
risk of people reverse-engineering a cert is, at least, somewhat
limited. If you need more security, so that only authorized people are
allowed to get on, then you need an additional factor, outside the
application -- such as an emailed registration key, a one time pad, a
cryptographic key dongle -- whatever suits your particular
requirements for security and convenience.

Likewise, your server should have a certificate (and private key).
This ensures against someone impersonating your web site.

Finally -- your protocols should include a "nonce" -- a one-time value
that changes with each request, and should be echoed (and checked) in
the response. You can generate this with SecureRandom. This protects
you against replay attacks. Even if you don't think replay attacks are
important -- do it anyway, since it's so very easy to do.

On Feb 2, 6:02 am, WC <whitc...@gmail.com> wrote:
> I am developing an app that uploads files to an FTP server, and the
> app will have the ftp user name / password in the code. I'm
> investigating making the FTP user name and password as secure as
> possible (including an encrypted value for each in a strings.xml and
> decrypting in the app when it needs to connect to the FTP server).
>
> My concern is this is not actually secure at all, it seems someone
> could unzip the .apk, decompile it, view the strings.xml and java code
> that decrypts it - and thereby obtain the ftp login info.
>
> So my question is.. am I approaching this wrong way? Is there a
> standard method of ensuring passwords that are hard coded into an app
> can be secure? (note - in this case this is not a password a user of
> the app would enter, the FTP password is universal to all that install
> it so it is included in the app).
>
> Apologies if this is a noob question but I don't know my way around
> this whole decompiling / hacking android apps thing. Any input would
> be greatly appreciated!

-- 
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en
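
The nonce check described in the reply above, as an added example in plain Java (not code from the thread): the class and method names are hypothetical, and the exchange is assumed to run over the certificate-authenticated connection the reply describes. It goes one step beyond the reply by also having the server refuse a nonce it has already seen.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.*;

// Added illustration; NonceDemo, Client and Server are hypothetical names.
public class NonceDemo {
    private static final SecureRandom RNG = new SecureRandom();

    /** Client side: remembers the nonce of the one request in flight. */
    static class Client {
        private String pending;
        String newRequestNonce() {
            byte[] raw = new byte[16];          // 128 random bits
            RNG.nextBytes(raw);
            pending = Base64.getEncoder().encodeToString(raw);
            return pending;
        }

        /** True only for the first response that echoes the pending nonce. */
        boolean acceptResponse(String echoed) {
            if (pending == null || echoed == null) return false;
            boolean ok = MessageDigest.isEqual(  // constant-time comparison
                    pending.getBytes(StandardCharsets.UTF_8),
                    echoed.getBytes(StandardCharsets.UTF_8));
            if (ok) pending = null;             // one-time: a replayed response now fails
            return ok;
        }
    }

    /** Server side: echoes the nonce and refuses one it has already seen. */
    static class Server {
        private final Set<String> seen = new HashSet<>();  // a real server would expire entries
        String handle(String nonce) {
            if (!seen.add(nonce)) throw new SecurityException("replayed request");
            return nonce;                       // sent back alongside the real response
        }
    }

    public static void main(String[] args) {
        Client c = new Client(); Server s = new Server();
        String n1 = c.newRequestNonce();
        String r1 = s.handle(n1);
        System.out.println("fresh response accepted: " + c.acceptResponse(r1));
        c.newRequestNonce();                    // next request gets a new nonce
        System.out.println("old response accepted:   " + c.acceptResponse(r1));
        try { s.handle(n1); } catch (SecurityException e) { System.out.println("server: " + e.getMessage()); }
    }
}
```

On Android, java.util.Base64 needs API level 26 or later; android.util.Base64 is the equivalent on older releases.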