How to store sensitive data into java code for android development

Question

I am willing to use java email api for my android app. I got it from this link. But as mentioned here in the link, to use this api, I need to give my own email id and password in GmailSender as Plain Text. For this reason I am tensed about my password. If anyone decompile the apk file then he can easily get my email id and password. But I don't know how to store these sensitive data into my code safely. How can I do this?

Note: I am not willing to use any third party library to encrypt thses data

Why can't you use an SMTP server and send emails from an anonymous account? — Codebender, May 21 '16 at 05:27

score 0 · Answer 1 · edited May 23 '17 at 12:10

0

It is nearly impossible to completely protect your app from reversal engineering, especially without any third party library.

BUT instead you can create another e-mail, with a different password, and configure it to resend any email received to your official e-mail.

This way if anyone actually manage to reverse the code and get the password, they will only have access to this secondary and unimportant e-mail account. This should solve the problem.

More info about actually protecting the code here:

How to avoid reverse engineering of an APK file?

How to make apk Secure. Protecting from Decompile

edited May 23 '17 at 12:10

Community

1
1

answered May 21 '16 at 05:04

Arthur Leão

39
6

Your idea is not bad. But I I have to use any library for protecting these data, then which is best and can you give me an example with that? – user6363583 May 21 '16 at 05:06
But none of them have any perfect answer. Everybody is suggesting. Nobody is answering – user6363583 May 21 '16 at 05:13
I wish i could help you more, But the thing is, it seems that this subject is not trivial. Truly protecting an app requires a lot of deep understanding of the matter, which i do not own. – Arthur Leão May 21 '16 at 05:23

score 0 · Answer 2 · answered Mar 04 '17 at 09:20

You should obfuscate your password string before keeping it in your source code. You can:

Do it manually, It can be take a time.
Or use some automatic tools. If you don't want to use any third party library to encrypt these data, Bg+ Anti Decompiler/Obfuscator is a good choice for you. It works on java source code (not Java byte-code) so you will control everything

How to store sensitive data into java code for android development

2 Answers2