This message was deleted.
# androids
Slackbot
09/16/2019, 2:33 PMThis message was deleted.
👍 3
👎 3
r
rezenebe
09/16/2019, 3:07 PMthis is cool, but storing in properties can't be that much of a vulnerability right?
rezenebe
09/16/2019, 3:08 PMi'd like to think that most android apps are storing apikeys in that way, they can't all be at risk. Basic obfuscation shoulddo the trick
m
msink
09/16/2019, 3:14 PMHm, why? IMHO reverse engineering of small
.so.jarf
Foso
09/16/2019, 3:50 PMA few days ago i wrote a small annotation processor that will generated the C file by annotating the external functions https://github.com/Foso/C-Crit_Generator
👍 1
d
dariuszbacinski
09/16/2019, 5:49 PMSaying that storing api key in native code is more secure is over statement. Level of security is exactly the same.
dariuszbacinski
09/16/2019, 5:53 PMEven worse it gives false sense of security.
r
rezenebe
09/16/2019, 7:12 PMwhy is it a false sense of security @dariuszbacinski
d
dariuszbacinski
09/16/2019, 7:19 PMBecause you may think that your stuff is more secure just because it is stored in native part but it is not. This may encourage you to put things there which should never be there, like admin keys.
dariuszbacinski
09/16/2019, 7:24 PMTo me there should be a clear disclaimer that it does not make your keys more secure.
dariuszbacinski
09/16/2019, 7:25 PMLike Mike said, for some of attacker it may be easier to extract key from native binary then from android resources.
5 Views