9

It is very easy to decompile the code and code is not secured even with the Proguard.

What I required is to secure "key" in the app. Is build.gradle secured ? can it be decompiled ?

buildConfigField "String", "Key", "\"1234567890\""

Update

as per commonsware's answer I got that it's not secured ? is there any other way I can manage this ?

Vishal Khakhkhar
  • 2,106
  • 3
  • 29
  • 60

1 Answers1

11

Is build.gradle secured ?

build.gradle is not packaged into the APK.

The specific Gradle for Android statement you have in your question is adding a field to the code-generated BuildConfig Java class. This is handled like any other Java class from a code obfuscation standpoint.

CommonsWare
  • 986,068
  • 189
  • 2,389
  • 2,491
  • yes.. but in obfuscation there will be code like BuildConfig.Key right ? even though it can be reveled ? – Vishal Khakhkhar May 14 '15 at 13:33
  • 2
    @VishalKhakhkhar: I do not know what "this" is. If "this" is "prevent `Key` from being read out of the app", by definition, that's impossible. If the key can be used by your app, it can be used by a modified version of your app that dumps the key to LogCat or something. Tools like ProGuard, DexGuard, and kin make it a bit more difficult to access it, but they cannot prevent it. The only way to prevent the key from being accessed is to not have it in the app in the first place. – CommonsWare May 14 '15 at 13:51
  • ok. whole concept about creating private key is http://stackoverflow.com/questions/30239170/http-post-with-private-ssl-key-pfx-file. I want this key to be secured. Because my pfx can be fetched easily here. – Vishal Khakhkhar May 14 '15 at 13:56