Telegram TDLib Android : How to store apiId and apiHash?

Question

I am trying to build an android telegram client using the famous TDLib. Unfortunately, I could not find any good tutorials or documentation about using this library in android. But, I've understood how the library works from the Java examples.

The problem is when implementing the library, I've to pass the api_id and api_hash to TDLib. I think these variables must be unknown to others, as this can reused for malicious purposes.

As the documentation does not provide any best practices about storing the api_id and api_hash, How can I make them unavailable to the public and securely manage it in the android app?

score 2 · Accepted Answer · answered Apr 12 '20 at 22:09

From the developer of TDLib

On Android the values can't be accessed without root permissions if they are stored in any reasonable way. From the other side, they can be extracted from the app's memory with root permissions. So you can't do much besides storing them in the apps binary and obfuscating them in any simple way.

and he says, if someone extracts the key and uses it for a malicious purpose, only the user is blocked

Telegram TDLib Android : How to store apiId and apiHash?

1 Answers1