[android-developers] Re: Encrypting application data file that is bundled with apk !
Hi Slater, You could write a Java util to encrypt the file, then use the same algorithm and key to decrypt it in your android app before reading. Kirk On Apr 21, 12:04 pm, Slater easwar.satras...@gmail.com wrote: Hi, I plan to bundle an xml data file that has all the metadata required by the application. When my app loads for the first time, the xml data file is read and local database is created and populated. This xml file is a crucial part of my app and it holds at least 100k entries. I don't want this data to be compromised. Is there a way to encrypt this data file so that the file is unreadable in case someone opens the .apk file and extracts the data file. Your help is highly appreciated. Thanks, Slater. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers-unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en -~--~~~~--~~--~--~---
[android-developers] Re: Encrypting application data file that is bundled with apk !
On Tue, Apr 21, 2009 at 12:04 PM, Slater easwar.satras...@gmail.com wrote: Hi, I plan to bundle an xml data file that has all the metadata required by the application. When my app loads for the first time, the xml data file is read and local database is created and populated. This xml file is a crucial part of my app and it holds at least 100k entries. I don't want this data to be compromised. Is there a way to encrypt this data file so that the file is unreadable in case someone opens the .apk file and extracts the data file. Since the decryption algorithm and key would have to be part of your apk as well, someone could conceivably decompile your app and get all the information they need to decrypt the data. So you can't make it 100% secure, you can only make it less convenient for someone trying to get the data. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers-unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en -~--~~~~--~~--~--~---
[android-developers] Re: Encrypting application data file that is bundled with apk !
From what I understand, your requirements are: - your app uses data that it puts in a database during setup - the end user should not be able to access this data, except through your app's UI Possible cracks would then be Marco's decompilation idea, or inspecting the database. Without knowing more about your app, I have a few suggestions: - bundle encrypted data with the app, but not the key to decrypt - in the database, at least encrypt the names and values - don't decrypt all the data at one time, only decrypt whatever the UI requests One way to accomplish the last step is with a per-datum key fetched on demand from your web service. However, depending on the value of your data, hiding it and the key in your code may be sufficient to render decryption not cost-effective. Yusuf Saib Android ·T· · ·Mobile· stick together The views, opinions and statements in this email are those of the author solely in their individual capacity, and do not necessarily represent those of T-Mobile USA, Inc. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers-unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en -~--~~~~--~~--~--~---
[android-developers] Re: Encrypting application data file that is bundled with apk !
Yusuf makes good suggestions. My personal suggestion would be to include it in a class file of your java program, then obfuscate your code. If your attempting to prevent compilation this is your best bet. On Apr 21, 5:32 pm, Yusuf T. Mobile yusuf.s...@t-mobile.com wrote: From what I understand, your requirements are: - your app uses data that it puts in a database during setup - the end user should not be able to access this data, except through your app's UI Possible cracks would then be Marco's decompilation idea, or inspecting the database. Without knowing more about your app, I have a few suggestions: - bundle encrypted data with the app, but not the key to decrypt - in the database, at least encrypt the names and values - don't decrypt all the data at one time, only decrypt whatever the UI requests One way to accomplish the last step is with a per-datum key fetched on demand from your web service. However, depending on the value of your data, hiding it and the key in your code may be sufficient to render decryption not cost-effective. Yusuf Saib Android ·T· · ·Mobile· stick together The views, opinions and statements in this email are those of the author solely in their individual capacity, and do not necessarily represent those of T-Mobile USA, Inc. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers-unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en -~--~~~~--~~--~--~---