This should be of help:

http://developer.android.com/guide/publishing/licensing.html#impl-Obfuscator


It's a SharedPreferences wrapper that transparently encrypts and decrypts
the data as it's stored and retrieved. You can find the sources in the
Android Licensing library.

One little glitch is that it uses a pretty long encryption key - from a
pure security point of view, that's what you want, but it takes a long time
(up to 2-3 seconds on older phones) to initialize.

Because of this, I'd recommend initializing this class from a worker
thread, or reducing the key length / number of iterations - technically
this would be less secure, but still enough protection from "clever" users
with rooted phones.

-- Kostya

On 9 January 2012 at 14:59, Daniel Drozdzewski <
daniel.drozdzew...@gmail.com> wrote:

> Boris,
>
> Obfuscating as such makes sense only with the code, since the code
> does not change its structure, only literal values (i.e. class names,
> method names, variable names, ...).
> By obfuscating (renaming all your method names within a class to, say,
> a()), you are making it harder for an attacker to understand your code
> once it's decompiled.
>
> As you see this will be of no use, when trying to protect data, which
> is your case.
>
> You have to look into some encryption solution, but even when the
> number gets encrypted, nothing stops the attacker from removing said
> number altogether, or a much simpler attack: uninstalling your
> application.
>
>
> Daniel
>
>
>
> On 9 January 2012 10:40, Boris Ehlers <boris.maccar...@googlemail.com>
> wrote:
> > Hi,
> >
> > Currently I am working on a business application for Android which
> > sends, among other things, IMEI and IMSI via text message to a second
> > phone number, in case it assumes it is being attacked. Currently the
> > user is able to store the second phone number within the
> > SharedPreferences. But in case Android is rooted, an attacker can
> > easily manipulate the *_preferences.xml file.
> >
> > For this reason, I would like to follow the obfuscation approach with
> > ProGuard, but I am not sure whether ProGuard is usable for obfuscating
> > file types other than the Java source code.
> >
> > I would highly appreciate other suggestions. Another approach would be
> > to store security-relevant data in a "secure element" like a smartcard,
> > but not every Android device has such an additional hardware
> > extension.
> >
> > Cheers, Boris
> >
> > --
> > You received this message because you are subscribed to the Google
> > Groups "Android Developers" group.
> > To post to this group, send email to android-developers@googlegroups.com
> > To unsubscribe from this group, send email to
> > android-developers+unsubscr...@googlegroups.com
> > For more options, visit this group at
> > http://groups.google.com/group/android-developers?hl=en
>
>
>
> --
> Daniel Drozdzewski
>

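The points raised in this thread (an encrypting preferences wrapper, slow key derivation moved to a worker thread, and detecting an edited value) are shown below as an added example for a plain JVM; it is not code from the Android Licensing library and not from any poster. It swaps in PBKDF2 and AES-GCM, and the class name, iteration count, secret, preference name and phone number are constructed assumptions.

```java
import javax.crypto.*;
import javax.crypto.spec.*;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.*;
import java.util.concurrent.*;
public class SealedPrefsDemo {
    // Assumed cost knob: more iterations means slower key setup and slower guessing.
    static final int ITERATIONS = 10_000;
    static SecretKey deriveKey(char[] secret, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(secret, salt, ITERATIONS, 128);
        byte[] raw = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1").generateSecret(spec).getEncoded();
        return new SecretKeySpec(raw, "AES");
    }
    // Stored form: base64(iv || ciphertext || tag); the preference name is bound as AAD.
    static String seal(SecretKey k, String name, String value) throws Exception {
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, k, new GCMParameterSpec(128, iv));
        c.updateAAD(name.getBytes(StandardCharsets.UTF_8));
        byte[] ct = c.doFinal(value.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return Base64.getEncoder().encodeToString(out);
    }
    // Throws AEADBadTagException if the value was edited or copied under another name.
    static String open(SecretKey k, String name, String stored) throws Exception {
        byte[] in = Base64.getDecoder().decode(stored);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, k, new GCMParameterSpec(128, in, 0, 12));
        c.updateAAD(name.getBytes(StandardCharsets.UTF_8));
        return new String(c.doFinal(in, 12, in.length - 12), StandardCharsets.UTF_8);
    }
    public static void main(String[] args) throws Exception {
        byte[] salt = new byte[16]; // a real app would persist this next to the values
        new SecureRandom().nextBytes(salt);
        ExecutorService worker = Executors.newSingleThreadExecutor();
        // The slow derivation runs on a worker thread, not the calling (UI) thread.
        Future<SecretKey> key = worker.submit(() -> deriveKey("constructed-app-secret".toCharArray(), salt));
        String stored = seal(key.get(), "alert_number", "+10000000000");
        System.out.println(open(key.get(), "alert_number", stored));
        byte[] raw = Base64.getDecoder().decode(stored);
        raw[raw.length - 1] ^= 1; // simulated manual edit of the stored value
        try { open(key.get(), "alert_number", Base64.getEncoder().encodeToString(raw)); }
        catch (AEADBadTagException e) { System.out.println("tampering detected"); }
        worker.shutdown();
    }
}
```

This detects an edited value but, as noted in the quoted reply, it cannot stop the entry from being deleted or the application from being uninstalled.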