I think Mark and I were both trying to give reasons as to why this would be hard / impossible no matter what, which, yes, I agree with you.
kris On Thu, May 31, 2012 at 9:15 AM, JP <joachim.pfeif...@gmail.com> wrote: > > Correct me if I am wrong folks, any encryption key and method that > would be used to decrypt resource files would be obfuscated by > Proguard, assuming the key is kept in the Java source, no? > So OP would use key-and-method to encrypt resource files in the > development environment and package the encrypted resource files with > the apk. At runtime, extract the resource, decrypt using the key and > go. > > > BTW, this: >> Download them from the Internet only on demand, and only ever hold them in >> RAM. > doesn't help much. The URLs of resource files could easily be packet- > sniffed when the device is running on WiFi, and used to milk the > resource files off of the OP's web server. > > > > On May 31, 4:47 am, Kristopher Micinski <krismicin...@gmail.com> > wrote: >> that's right, as (I forgot) the OP said this would have to be done >> without any user authentication or anything on the internet.. >> >> kris >> >> >> >> >> >> >> >> On Thu, May 31, 2012 at 6:32 AM, Mark Murphy <mmur...@commonsware.com> wrote: >> > On Thu, May 31, 2012 at 2:15 AM, Kristopher Micinski >> > <krismicin...@gmail.com> wrote: >> >> In that case, there's not really any way to *really* protect your >> >> files..., basically. You could imagine doing some complicated thing >> >> with encrypting them, but then even if you display them, the user can >> >> still do something like capture the framebuffer, or just grab the raw >> >> bytes from the vm (that would, of course, require a rooted device..). >> >> > Or decompile the APK, find the encryption algorithm and key, and >> > decrypt the images. >> >> > -- >> > Mark Murphy (a Commons Guy) >> >http://commonsware.com|http://github.com/commonsguy >> >http://commonsware.com/blog|http://twitter.com/commonsguy >> >> > _The Busy Coder's Guide to Android Development_ Version 3.7 Available! >> >> > -- >> > You received this message because you are subscribed to the Google >> > Groups "Android Developers" group. >> > To post to this group, send email to android-developers@googlegroups.com >> > To unsubscribe from this group, send email to >> > android-developers+unsubscr...@googlegroups.com >> > For more options, visit this group at >> >http://groups.google.com/group/android-developers?hl=en > > -- > You received this message because you are subscribed to the Google > Groups "Android Developers" group. > To post to this group, send email to android-developers@googlegroups.com > To unsubscribe from this group, send email to > android-developers+unsubscr...@googlegroups.com > For more options, visit this group at > http://groups.google.com/group/android-developers?hl=en -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
