0

I have a fixed password to decode images stored on the SD card. The purpose is not high class security, its simply to prevent users from using a folder with 1500 pictures for other purposes.

So I encrypted the pictures using 128RSA, put them on my server, download them to the SD card, and decrypt them on the fly to show them in the application.

I know its not perfect, but its better to have PictureA.jpg readable. And still better then simply renaming them to 1.bin - 999.bin.

BUT, currently there is one place in source which looks like passwort="abc". Is there a way to make it harder to decompile? I know, who wants to will be able to do it, but making it a little harder would be nice.

Thanks, Chris

Christian Ruppert
  • 3,749
  • 5
  • 47
  • 72
  • Duplicate of http://stackoverflow.com/questions/1986261/hide-password-content-in-source-code ? – THelper Jun 09 '11 at 11:35
  • No it's seems to be different in the question you mentioned, a user will enter a password which should be validated against a hard coded one. in Christian's question there's no user to enter enter a password. – Flo Jun 09 '11 at 12:17

2 Answers2

1

Is there a way to make it harder to decompile?

Use ProGuard.

CommonsWare
  • 986,068
  • 189
  • 2,389
  • 2,491
0

The problem is that when the device is rooted the user can get any information from the device, so there's no real secure place to store such a password. You can only make it unlikely that someone will find the password.

Flo
  • 27,355
  • 15
  • 87
  • 125