I am developing an app that uploads files to an FTP server, and the app will have the ftp user name / password in the code. I'm investigating making the FTP user name and password as secure as possible (including an encrypted value for each in a strings.xml and decrypting in the app when it needs to connect to the FTP server).
My concern is this is not actually secure at all, it seems someone could unzip the .apk, decompile it, view the strings.xml and java code that decrypts it - and thereby obtain the ftp login info. So my question is.. am I approaching this wrong way? Is there a standard method of ensuring passwords that are hard coded into an app can be secure? (note - in this case this is not a password a user of the app would enter, the FTP password is universal to all that install it so it is included in the app). Apologies if this is a noob question but I don't know my way around this whole decompiling / hacking android apps thing. Any input would be greatly appreciated! -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
