On Mar 3, 6:14 am, Menion <[email protected]> wrote: > Hi, > can you imagine how hard is then to decompile shared library written > in C? Or is this even possible? Thanks > > On Mar 2, 9:17 pm, Greg Donald <[email protected]> wrote: > > > On Tue, Mar 2, 2010 at 12:23 PM, Anna PS <[email protected]> > > wrote: > > > So I would like to store a username and password for HTTP login in the > > > Android source (it's an account that is app-wide, rather than per- > > > user, so I would like to supply it with the app). > > > > Is this a really bad idea? In other words, should I just assume that > > > any text in Android source can be decompiled and read once I've > > > released an app on the Market? > > > I wouldn't put a login in the code. > > > Here's the tool anyone can use to disassemble your > > code:http://jdasm.sourceforge.net/ > > > > If yes, would encrypting it help? Or would anyone who decompiled the > > > app also be able to work out the encryption method? > > > Decryption is just a matter of time, and it will go even quicker if > > you give them your encrypted password in the code.
You don't need to dissassemble any code at all. You just need to use a sniffer like wireshark, or a man-in-the-middle system, to inspect the HTTP packets and the password will be compromised. Dan -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
