Hi, I am working with on an Android opensource project, and we have functions that use twitter, gmail, etc in behalf of the user, so we are keeping their login credentials the database. To keep the passwords safe from prying eyes, we are thinking of encrypting the passwords (or OAuth access token) in the database. I have checked out a couple of encryption algorithms and noticed that two way (encrypt<- >decrypt) algorithms require some kind of secret key or password. And I am having trouble thinking where to hide this secret key. Is there a way to keep this key secure even if our code can be read by the public (because it is open-source)? Or is there another alternative security measure other than cryptography?
Thanks! -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
