Moreover, you also have to ask yourself how much effort is needed for a given item.
For example, the OP was concerned about a Twitter API key. Personally, I wouldn't worry about that, since there are no real barriers for anyone else to get their own Twitter API key. On Fri, Dec 31, 2010 at 5:47 AM, Dianne Hackborn <hack...@android.com> wrote: > Ultimately there is no good answer here. No matter what you do, you can't > totally protect anything in your application. Your entire application is > out in the world, where anyone can get at its contents, and with sufficient > effort learn every deepest darkest secret it contains. > The question you have to ask yourself is, how difficult does it need to be > for someone to get at whatever you are concerned about? You can't make it > impossible. You can make it easy or various levels of harder. Moving to > native code gives you more tools for making it harder, but is never going to > be a panacea. How much time are you willing to spend on this vs. how much > harder you will make it? You are quickly going to find yourself reaching a > point of diminishing returns where a large amount of effort moves the > "harder to extract" needle only a little bit. > > On Fri, Dec 31, 2010 at 2:36 AM, Samuh <samuh.va...@gmail.com> wrote: >> >> This post [http://digital-identity.dk/2010/12/protecting-ip-in-android- >> applications/] suggests that apart from obfuscation, we can try >> implementing a portion of (sensitive) code natively. And then to >> ensure that the native code is used/called by our application only, we >> can match the digital keys used to sign the application. >> >> How effective will this prove to be? >> >> -- >> You received this message because you are subscribed to the Google >> Groups "Android Developers" group. >> To post to this group, send email to android-developers@googlegroups.com >> To unsubscribe from this group, send email to >> android-developers+unsubscr...@googlegroups.com >> For more options, visit this group at >> http://groups.google.com/group/android-developers?hl=en > > > > -- > Dianne Hackborn > Android framework engineer > hack...@android.com > > Note: please don't send private questions to me, as I don't have time to > provide private support, and so won't reply to such e-mails. All such > questions should be posted on public forums, where I and others can see and > answer them. > > -- > You received this message because you are subscribed to the Google > Groups "Android Developers" group. > To post to this group, send email to android-developers@googlegroups.com > To unsubscribe from this group, send email to > android-developers+unsubscr...@googlegroups.com > For more options, visit this group at > http://groups.google.com/group/android-developers?hl=en -- Mark Murphy (a Commons Guy) http://commonsware.com | http://github.com/commonsguy http://commonsware.com/blog | http://twitter.com/commonsguy Warescription: Three Android Books, Plus Updates, One Low Price! -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
