androiddevjedi androiddevjedi - 10 months ago 53
Android Question

How to not hardcode my password (Android)?

in my App i send bugreports via email. I heard that the to hardcode my password here is not secure so how do i protect it?

Is it enough to write into my /res/values and then read it from there?

The reason for this is that i won't use the internal email app. then the user exits my app and thats not very good because he may won't come back

GMailSender sender = new GMailSender("", "my_password");

Please help me.


You can use SHA encryption to encrypt your password:

Below is the code to use SHA encryption:


public class AeSimpleSHA1 { 

    private static String convertToHex(byte[] data) { 
        StringBuffer buf = new StringBuffer();
        for (int i = 0; i < data.length; i++) { 
            int halfbyte = (data[i] >>> 4) & 0x0F;
            int two_halfs = 0;
            do { 
                if ((0 <= halfbyte) && (halfbyte <= 9)) 
                    buf.append((char) ('0' + halfbyte));
                    buf.append((char) ('a' + (halfbyte - 10)));
                halfbyte = data[i] & 0x0F;
            } while(two_halfs++ < 1);
        return buf.toString();

    public static String SHA1(String text) 
            throws NoSuchAlgorithmException, UnsupportedEncodingException  { 
        MessageDigest md;
        md = MessageDigest.getInstance("SHA-1");
        byte[] sha1hash = new byte[40];
        md.update(text.getBytes("iso-8859-1"), 0, text.length());
        sha1hash = md.digest();
        return convertToHex(sha1hash);