vnshetty vnshetty - 5 months ago 26
Android Question

Is there any way to keep information safe in an Android apk?

AFAIK Android decompilation allows one to extract every bit of information from an apk.
How can I store information like ftp passwords or other confidential strings in Java or any other XML file? Is there any way other than calling a service?

EDIT Problem:

String uname = "mks";
String part1="pass";
String part2="my";
String part3="word";

As per David answer i obfuscating a string but after dcompilation i able to see my password

String[] arrayOfString = new String[2]; arrayOfString[0] = "mks"; arrayOfString[1] = ("my" + "pass" + "word");


You're talking about obfuscating a string here. One of the easiest ways to accomplish this is to split it up into multiple parts in your code, and then combine these together to make the final result. All your strings are still present, but they will be hard to put back together again.

For example, if the password you're trying to hide is "102938475601", here's one way to do it:

// Declare the parts
String part2 = "3847";
String part1 = "1029";
String part3 = "5601";

// Log in to the server
ftpServer.sendLogin("username", part1+part2+part3);

This is a very simple form of obfuscation. If you're more keen on protecting the data, you could try additional methods such as encrypting the password with a non-standard form of encryption, and splitting the key up as described above.

But ultimately you're correct - there's no guaranteed way to package data in an Android app without it being accessible to anyone who decompiles the app. All you can do is make it harder for them to interpret whatever data they can find.