This message was deleted kotlinlang #android

Channels

fluid-libraries

jhipster-kotlin

effectivekotlin

effective-kotlin

android-architecture

algolialibraries

stayhungrystayfoolish

pattern-matching

kotlin-data-storage

skia-wasm-interop-temp

squarelibraries

beepiz-libraries

cscenter-course-2016

kotlin-foundation

compose-android

lambdaworld_cadiz

kotlin-pakistan

java-to-kotlin-refactoring

event21-community-content

fb-internal-demo

kotlinprogrammers

kotlinx-datetime

framework-elide

github-workflows-kt

library-development

arrow-contributors

spring-security

pocketgitclient

domain-driven-design

swiss-user-group

refactoring-to-kotlin

ohio-kotlin-users

introduce-yourself

kotlin-by-example

kotlin-multiplatform-contest

graviton-browser

tricity-kotlin-user-group

kotlin-in-action

android-databinding

kotlintest-devs

cincinnati-user-group

codemash-precompiler

kotlingforbeginners

prozis-android-backup

realworldkotlin

connect-audit-events

russian-kotlinasfirst

androidgithubprojects

intellij-tricks

machinelearningbawas

swagger-gradle-codegen

100daysofkotlin

competitive-programming

compose-ui-showcase

androidx-xprocessing

navigation-architecture-component

strife-discord-lib

embedded-kotlin

image-processing

myndocs-oauth2-server

leedskotlinusergroup

kotest-contributors

practical-functional-programming

kotlinultimatechallenge

k2-early-adopters

kotlinforbeginners

compose-desktop

competitivecoding

100daysofkotlin-2021

refreshversions

language-evolution

jvm-ir-backend-feedback

python-contributors

codingconventions

sofl-user-group

getting-started

language-proposals

intellij-plugins

Title

# android

s

Slackbot

09/16/2019, 2:33 PM

This message was deleted.

👍 3

👎 3

r

rezenebe

09/16/2019, 3:07 PM

this is cool, but storing in properties can't be that much of a vulnerability right?

i'd like to think that most android apps are storing apikeys in that way, they can't all be at risk. Basic obfuscation shoulddo the trick

m

msink

09/16/2019, 3:14 PM

Hm, why? IMHO reverse engineering of small

.so

file is much easier than big

.jar

.

f

Foso

09/16/2019, 3:50 PM

A few days ago i wrote a small annotation processor that will generated the C file by annotating the external functions https://github.com/Foso/C-Crit_Generator

👍 1

d

dariuszbacinski

09/16/2019, 5:49 PM

Saying that storing api key in native code is more secure is over statement. Level of security is exactly the same.

Even worse it gives false sense of security.

r

rezenebe

09/16/2019, 7:12 PM

why is it a false sense of security @dariuszbacinski

d

dariuszbacinski

09/16/2019, 7:19 PM

Because you may think that your stuff is more secure just because it is stored in native part but it is not. This may encourage you to put things there which should never be there, like admin keys.

To me there should be a clear disclaimer that it does not make your keys more secure.

Like Mike said, for some of attacker it may be easier to extract key from native binary then from android resources.

5 Views