堆栈内存溢出
  简体   繁体   English

如何将敏感数据存储到Java代码中以进行Android开发

[英]How to store sensitive data into java code for android development

 原文  2016-05-21 04:52:50       java/ android/ email/ security

问题描述

I am willing to use java email api for my android app. 我愿意为我的Android应用程序使用Java Email API。 I got it from this link . 我是从这个链接上得到的。 But as mentioned here in the link, to use this api, I need to give my own email id and password in GmailSender as Plain Text . 但是,如链接中此处所述,要使用此api,我需要在GmailSender中纯文本形式提供自己的电子邮件ID和密码。 For this reason I am tensed about my password. 因此,我对密码感到紧张。 If anyone decompile the apk file then he can easily get my email id and password. 如果有人反编译apk文件,那么他可以轻松获取我的电子邮件ID和密码。 But I don't know how to store these sensitive data into my code safely. 但是我不知道如何将这些敏感数据安全地存储到我的代码中。 How can I do this? 我怎样才能做到这一点?

Note: I am not willing to use any third party library to encrypt thses data 注意:我不愿意使用任何第三方库来加密这些数据

2 个解决方案

解决方案1
 0  2016-05-21 05:04:04

It is nearly impossible to completely protect your app from reversal engineering, especially without any third party library. 完全保护您的应用程序免受逆向工程的影响几乎是不可能的,尤其是在没有任何第三方库的情况下。

BUT instead you can create another e-mail, with a different password, and configure it to resend any email received to your official e-mail. 但是,您可以创建另一个具有不同密码的电子邮件,并将其配置为重新发送接收到您的官方电子邮件的任何电子邮件。

This way if anyone actually manage to reverse the code and get the password, they will only have access to this secondary and unimportant e-mail account. 这样,如果任何人实际设法撤消代码并获取密码,他们将只能访问该辅助且不重要的电子邮件帐户。 This should solve the problem. 这应该可以解决问题。

More info about actually protecting the code here: 有关在此处实际保护代码的更多信息:

How to avoid reverse engineering of an APK file? 如何避免APK文件的反向工程?

How to make apk Secure. 如何使apk安全。 Protecting from Decompile 防止反编译

解决方案2
 0  2017-03-04 09:20:07

You should obfuscate your password string before keeping it in your source code. 您应该先对密码字符串进行混淆处理,然后再将其保留在源代码中。 You can: 您可以:

  • Do it manually, It can be take a time. 手动执行,可能需要一段时间。
  • Or use some automatic tools. 或使用一些自动工具。 If you don't want to use any third party library to encrypt these data, Bg+ Anti Decompiler/Obfuscator is a good choice for you. 如果您不想使用任何第三方库来加密这些数据,则Bg + Anti Decompiler / Obfuscator是您的理想选择。 It works on java source code (not Java byte-code) so you will control everything 它适用于Java源代码(而不是Java字节码),因此您将控制一切

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Java-存储敏感数据 - Java - store sensitive data 如何使用Java在Android开发中为程序逻辑存储数据? - How to store Data for program logic in Android Development in Java? Java和Web开发:存储自定义敏感数据(例如私钥,API密钥等)的良好实践 - Java and Web development: good practices to store custom sensitive data such as private keys, API keys, etc 如何在Java配置文件中存储敏感数据? - How can I store sensitive data in Java configuration files? 如何在桌面客户端应用程序(Java)中存储密码和敏感数据? - How to store passwords and sensitive data in a desktop client application (Java)? 如何使用 java 存储敏感信息? - How to store sensitive information using java? 在运行时在Java(android)中存储敏感数据 - Storing sensitive data in java(android) at runtime 如何在Android上安全存储商店敏感日期? - How can I securely store store sensitive date on an Android? Android代码在开发中工作,但在Play商店中失败 - Android code works in development but failed in play store 使用java.lang.String存储敏感数据是否有害? - Is it harmful to use java.lang.String to store sensitive data?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM