I am thinking about writing an iPhone/Android app which will, among other things, send emails. I would like to, in some cases, provide my own mail server as an option. This of course means I would need to store some sort of credentials in the app to connect to the mail server. But then someone could conceivably reverse-engineer my app and get the password from the executable, which would be bad. What are my options here, if any, so that I could provide some sort of authentication with the app, which would be truly secure?
2 Answers
You can still go with storing the credentials with the app, though make it more secure. You can do this by splitting the strings you store then encrypting them. This will make it harder to get the plain credentials from the executable.
Fair warning though: with this approach you can only make it harder (more obfuscated) for someone to get them. They can still figure it out. Although you can make it very very hard.

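The split-then-encrypt scheme from the answer above, sketched in Python as an added example (not code from the answer or the question). `recover()` needs only the fragments and key that ship inside the app, which is why the answer's warning applies. The SHA-256 keystream, the function names and the sample password are assumptions chosen for illustration.

```python
import hashlib
import secrets

SAMPLE_PASSWORD = "constructed-smtp-password"  # constructed sample value


def _keystream(key: bytes, n: int) -> bytes:
    """SHA-256 in counter mode; stands in for whatever cipher the app uses."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]


def obfuscate(secret: str, parts: int = 3) -> dict:
    """Build-time step: encrypt the credential, then split ciphertext and key."""
    data = secret.encode()
    key = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))
    step = max(1, -(-len(ct) // parts))  # ceiling division
    return {
        "ct_fragments": [ct[i:i + step] for i in range(0, len(ct), step)],
        "key_halves": [key[:8], key[8:]],
    }


def recover(shipped: dict) -> str:
    """Run-time step inside the app: uses only values present in the binary."""
    key = b"".join(shipped["key_halves"])
    ct = b"".join(shipped["ct_fragments"])
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, len(ct)))).decode()


def appears_in_plaintext(shipped: dict, secret: str) -> bool:
    """What a plain string scan over the shipped values would find."""
    blob = b"".join(shipped["ct_fragments"] + shipped["key_halves"])
    return secret.encode() in blob


if __name__ == "__main__":
    shipped = obfuscate(SAMPLE_PASSWORD)
    print("visible to a string scan:", appears_in_plaintext(shipped, SAMPLE_PASSWORD))
    print("recovered by the app's own routine:", recover(shipped))
```

The string scan comes back empty, yet everything `recover()` consumes is in the shipped package, so the protection is obfuscation rather than secrecy.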
If you are going fully native, mobile languages account for the need to remember credentials. Here are some starting points.
For iPhones: iOS: How to store username/password within an app?
For Androids: https://developers.google.com/identity/smartlock-passwords/android/store-credentials
If you aren't going native, you must also consider what server-side language you want to use and consider methods there (store a device identifier like MAC address, a generated key file on original login, and a username).

You misunderstood the question - has to do with shipping a pw with the app, not storing them once received in the app. – Conrad Feb 09 '16 at 18:17