Who is "we"? This problem exists for all software ever written, where the software is distributed. Desktop applications and mobile applications are equally susceptible. Even Web apps, where this data is distributed via Javascript (versus being run on the Web server) can have this problem.
On Thu, Dec 30, 2010 at 4:20 PM, jacek <[email protected]> wrote: > Apps that integrate with various web services and APIs, such as > Twitter, > need to use service provisioned API keys and shared secrets > which are Java Strings. > > Such Strings should be retrievable by anyone who decompiles an .apk > (I must try this myself against my own apk) > > In the next step the malicious developer will be able to impersonate > the decompiled app... > > Am I missing something, or do we have a problem? > > -- > You received this message because you are subscribed to the Google > Groups "Android Developers" group. > To post to this group, send email to [email protected] > To unsubscribe from this group, send email to > [email protected] > For more options, visit this group at > http://groups.google.com/group/android-developers?hl=en > -- Mark Murphy (a Commons Guy) http://commonsware.com | http://github.com/commonsguy http://commonsware.com/blog | http://twitter.com/commonsguy Android Training in Atlanta: http://bignerdranch.com/classes/android -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
