Forgive me if there is a very obvious answer to this question, but I want to have the best answer possible.
>I must implement a system that needs to store some information at some times in application lifetime. >This information must not be deleted / modified in any way because of security issues (the user could trick the system). This is a scenario that is very similar to using APIs with secret keys. I , as a developer, have been given a secret key that is required for the API. I code that secret key into my app. * String secretKey="mysecretkey";* Given the ability to decompile .dex files, is this secure enough? I can think of other ways to do this, but what are the recommendations. I've looked at the Android Security FAQ and googled for an anwer. Thanks, Carmen -- Carmen http://www.twitter.com/CarmenDelessio http://www.talkingandroid.com On Tue, Sep 15, 2009 at 4:15 AM, Dianne Hackborn <hack...@android.com>wrote: > By definition, if the user has root, they can get to whatever they want. > Now you can make this more difficult for them, by doing things like > encrypting your data and trying to be as careful as you can about where you > put the encryption key (for ex get it over the network, only keep it in RAM, > never let it be written to storage), but you would probably want to do that > yourself since relying on the platform to do so just makes it easier for the > user to subvert. > > On Mon, Sep 14, 2009 at 11:07 PM, Andrei Bucur <andrei.bu...@gmail.com>wrote: > >> So basically storing private data on the phone is actually impossible? I >> must implement a system that needs to store some information at some times >> in application lifetime. This information must not be deleted / modified in >> any way because of security issues (the user could trick the system). >> Is there a way to this on a rooted phone (I'm pretty sure it's not... but >> the question worths a shot)? >> >> Thanks! >> >> > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en -~----------~----~----~----~------~----~------~--~---
