Java – anti hacking solution for secret keys in Android applications?
I need to store a private string key in the application. Its value never changes and is set manually in the code. I obviously can't store it as a string, because reverse engineering will show it, even if it's confusing.
How do you advise me to protect this private key?
Although I save it to the database, the database can also be pulled out of the phone.
P.S. This key is a special parameter, so it is an important method that no one knows! This is not a decryption key. This string will be used as a parameter to the encryption method (MD5 or similar), and the result will then be sent to our Internet service.
edit
Sorry to make it so complicated; I thought I could get an answer with as little information as possible.
The application will allow users to send some text to Internet services and then publish the text to a web site. We need to make sure to send text through Android phones, because any web robot script can imitate Android phones and publish spam. Due to the unpopular verification code method on mobile phones, there will be a secret key to generate a hash code through MD5 (and some other things). This hash will be sent to the Internet service. The Internet service will use the same key to get MD5 results, and then compare it to see if the sender is a mobile phone or some robot.
This is the most I can say. I hope it's enough.
Solution
I suggest you reconsider your security architecture. Anything that comes with the application is discoverable (for example, Android's license verification library is designed to provide the public key with the application).
One possibility is that the application retrieves the key from the server (via a secure socket or HTTPS connection). This obviously requires the application to submit some kind of identification / authentication (possibly based on user input) to the server.
If you are using a key for encryption, let's take a look at how public key encryption should work. Your application should have a public key; the Internet service can then decrypt using the matching private key.
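
The server-issued key suggested in the answer, sketched as an added example (not code from the original post): the server hands each authenticated user a random key, the app signs its text with it, and the server verifies and can revoke per user. The class and method names are hypothetical, the login and HTTPS transport are assumed and not shown, and HMAC-SHA256 is substituted for the MD5 hash described in the question.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class PerUserKeyDemo {
    // Server side: one random key per authenticated user, never shipped in the APK.
    static final Map<String, byte[]> keysByUser = new ConcurrentHashMap<>();
    static final SecureRandom rng = new SecureRandom();

    // Called only after the user has authenticated over HTTPS (login not shown).
    static byte[] issueKey(String userId) {
        byte[] key = new byte[32];
        rng.nextBytes(key);
        keysByUser.put(userId, key);
        return key; // returned to the app in the HTTPS response body
    }

    // Used by both sides: keyed hash over the submitted text.
    static byte[] sign(byte[] key, String text) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(text.getBytes(StandardCharsets.UTF_8));
    }

    // Server side: recompute the tag with that user's key, compare in constant time.
    static boolean verify(String userId, String text, byte[] tag) throws Exception {
        byte[] key = keysByUser.get(userId);
        if (key == null) return false; // unknown or revoked user
        return MessageDigest.isEqual(sign(key, text), tag);
    }

    public static void main(String[] args) throws Exception {
        byte[] appKey = issueKey("alice");                // constructed sample user
        byte[] tag = sign(appKey, "hello from my phone"); // the app signs its post

        System.out.println("valid post accepted:   " + verify("alice", "hello from my phone", tag));
        System.out.println("altered text accepted: " + verify("alice", "tampered text", tag));
        keysByUser.remove("alice");                       // revoke an abusive account
        System.out.println("after revocation:      " + verify("alice", "hello from my phone", tag));
    }
}
```

A key issued this way ties each post to an account that the server can rate-limit or revoke; it does not prove that the sender is a phone, since the user's own key is still present on the user's own device.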