... and it looks like Google is recommending:

Protect your Android Market public key

To keep your public key safe from malicious users and hackers, do not embed it in any code as a literal string. Instead, construct the string at runtime from pieces or use bit manipulation (for example, XOR with some other string) to hide the actual key. The key itself is not secret information, but you do not want to make it easy for a hacker or malicious user to replace the public key with another key.

... from http://developer.android.com/guide/market/billing/billing_best_practices.html

On Fri, Feb 4, 2011 at 11:26 AM, Chris Palmer <[email protected]> wrote:
> > So one could, in theory, create an app that
> > snatches up all of the apks on every phone that installs it?
>
> One could even get all the APKs from Android Market!
>
> I would go as far as to say that you should not put secrets in APKs.
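
The runtime reconstruction described in the quoted guidance, as an added example that is not part of the original thread or Google's sample code: the Base64 key is XOR-masked and split at build time, rebuilt at run time, and used to verify a signature. The throwaway key pair, the mask, the sample purchase data, SHA256withRSA and java.util.Base64 (a desktop JVM stand-in) are assumptions made for the demo.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import java.util.Base64;

class MaskedKeyDemo {
    // XOR data with a repeating mask; applying it twice restores the input.
    static byte[] xor(byte[] data, byte[] mask) {
        byte[] out = new byte[data.length];
        for (int i = 0; i < data.length; i++) out[i] = (byte) (data[i] ^ mask[i % mask.length]);
        return out;
    }
    // Run time: join the masked pieces, unmask, Base64-decode, parse the X.509 key.
    static PublicKey rebuildKey(byte[][] parts, byte[] mask) throws GeneralSecurityException {
        ByteArrayOutputStream joined = new ByteArrayOutputStream();
        for (byte[] p : parts) joined.write(p, 0, p.length);
        byte[] der = Base64.getDecoder().decode(xor(joined.toByteArray(), mask));
        return KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(der));
    }
    static boolean verify(PublicKey key, byte[] data, byte[] sig) throws GeneralSecurityException {
        Signature v = Signature.getInstance("SHA256withRSA"); // algorithm chosen for the demo
        v.initVerify(key);
        v.update(data);
        return v.verify(sig);
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample: a throwaway key pair stands in for the Market key.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair pair = gen.generateKeyPair();
        // Build time: mask the Base64 key and split it, so no literal key string ships.
        byte[] mask = "demo-mask-not-a-secret".getBytes(StandardCharsets.US_ASCII);
        byte[] masked = xor(Base64.getEncoder().encode(pair.getPublic().getEncoded()), mask);
        int mid = masked.length / 2;
        byte[][] parts = { Arrays.copyOfRange(masked, 0, mid),
                           Arrays.copyOfRange(masked, mid, masked.length) };
        // Constructed purchase data, signed with the throwaway private key.
        byte[] data = "{\"orderId\":\"constructed-sample\"}".getBytes(StandardCharsets.UTF_8);
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(pair.getPrivate());
        signer.update(data);
        byte[] sig = signer.sign();
        PublicKey rebuilt = rebuildKey(parts, mask);
        System.out.println("signature valid: " + verify(rebuilt, data, sig));
        // The mask ships with the app, so the original key comes back unchanged.
        System.out.println("key recovered unchanged: "
            + Arrays.equals(rebuilt.getEncoded(), pair.getPublic().getEncoded()));
    }
}
```

Because the mask and the pieces ship together in the APK, this only raises the effort needed to find and swap the key; it does not turn the key, or anything else in the package, into a secret.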
