Menu
I am developing an android module, and I have to use a shared preferences to store a jwt token for auto login, and for some other thing.
I store it with a key, like "token" or something like that.
The problem is :
If the developer import my module for his application, and find out the key, he can easily read my jwt token, and It would not to good for me.
Could you provide me some alternative solution?
Edit : My minimum API level must be 14.
851
This problem is not as easy as it seems to be. For what I know the best solution is to store your key some way by using NDK; C code is harder to decompile and your protection level is higher than using simple Java.
Obfuscating Android Applications using O-LLVM and the NDK
Another solution could be to use a String obfuscator; but, generally speaking, security through obscurity is never a good idea.
Protect string constant against reverse-engineering
179
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
