I have signed up for the Android Backup Service, and have been given a key to put in my AndroidManifest.xml. My application is open source, but I do not want to have the key publicly visible in my repository. How should I encrypt the key so that is decryptable only in my application?
Asked
Active
Viewed 1,004 times
2 Answers
3
My application is open source, but I do not want to have the key publicly visible in my repository.
Put the key in a string resource, in a separate resource file (e.g., res/values/omg_do_not_commit_this_to_the_repo.xml). Then, do not commit that file to the repo (e.g., if you are using Git, add the file to .gitignore).
CommonsWare
- 986,068
- 189
- 2,389
- 2,491
2
AndroidManifest.xml does not support any form of encryption for your keys. You should simply not check it into the public repository to prevent it from being shared
Raghav Sood
- 81,899
- 22
- 187
- 195
-
Would it be possible to have the AndroidManifest reference an encrypted value in strings.xml? – Aaron Hill Nov 11 '13 at 21:25