0

Retrieve some kind of unique key/signature that can be read in android app if only installed only from play store.

The closest I got to was "https://developers.google.com/instance-id/guides/android-implementation" which seems exactly what I want but I'm still trying to wrap my head around it. It seems that you can create tokens but I don't want the token to change each time I get it !!

I want to use this key to decrypt a string but don't want the key to be in the app.

sridhar
  • 1
  • 1
  • There is no service that does that. Google Play doesn't store or send down decryption keys for your app. I suggest you describe what you're trying to protect and what threat vectors you're trying to protect against so you can get advice on what the right thing to do is. – Gabe Sechan Sep 01 '18 at 08:33
  • Thanks Gabe. I basically want a way to decrypt a string in the app but I don't the key to be inside the app. There is a way to check if the app is installed from play store so I was wondering if there is some unique identifier I can get .. https://stackoverflow.com/questions/37539949/detect-if-an-app-is-installed-from-play-store The above only helps protect if APK is pirated but doesn't prevent say asset extraction or class extraction from dex file to get source code .. – sridhar Sep 01 '18 at 09:29
  • Also, I tried using the instance ID, it does return a string but that unique only for the app lifetime. On reinstall there is a new ID so doesn't look like that is the mechanism for me .. – sridhar Sep 01 '18 at 09:47
  • If the user needs to log into your app, you can send it from the server. Otherwise there's no way to do this that isn't easily defeated – Gabe Sechan Sep 01 '18 at 14:33
  • Instance is is a token for Google play services. It's not suitable as an encrypting key – Gabe Sechan Sep 01 '18 at 14:34

0 Answers0