2

Basically what I'm trying to do is to keep a JSON file in the app directory in Android Studio like what firebase does for the 'google-service.json' and bundle it with the APK directly.

I should be able to read this file in the app and also the file should be private.

Any help would be appreciated...

Phantômaxx
  • 37,901
  • 21
  • 84
  • 115
Joel Raju
  • 1,210
  • 2
  • 18
  • 21

1 Answers1

1

You can store it encrypted in your assets folder to make it bundled along with the APK. How to create assets folder (right click on app): enter image description here

How to read file from assets folder: read file from assets

If you want to make it private, the best you can do is upon launching the app, fetch a decryption key from a remote server. But in the bottom line - any embedded private data from your APK can be reversed and obtained. You can only make it harder and thus weed out the script kiddies.

I highly recommend consulting about your initial design with someone who has significant security experience. A good expert will propose a method where you eliminate most risks by design, rather than work really hard on securing something that shouldn't be there in the first place.

Arseny Levin
  • 664
  • 4
  • 10