What is a clever way to hide an access key?

Asked May 06 '16 at 23:06

Active May 07 '16 at 01:02

Viewed 97 times

In my android app, I am using an external api with my own secret access key. To use functions from the api, I must call a function with a String representing my secret access key. Problem is, everybody can see this (by decompiling the apk).

I can't use proguard

What is a clever way to hide my secret access key?

edited May 07 '16 at 01:02

asked May 06 '16 at 23:06

UFC Insider

4

Voted to close, because it's a question inviting opinion. The usual suspects apply, from steganography to encryption. Or store it in the cloud and load it upon install and check periodically. This way you can change it, too. – 323go May 06 '16 at 23:13
1

Check Android Key Strore, it could help you: http://developer.android.com/training/articles/keystore.html. I agree this question seems that you are asking about opinions. There are plenty of similar topics in SO: http://stackoverflow.com/questions/33358185/most-robust-way-to-store-api-keys-client-side http://stackoverflow.com/questions/33134031/is-there-a-safe-way-to-manage-api-keys You can always have private/public key keep them in android store and exchange if needed. – Rafal May 06 '16 at 23:41

What is a clever way to hide an access key?

0 Answers0