I'm creating a basic Android application using the Dropbox API. I am using the generated token of my account only in order to fetch some data from the Dropbox account. Once I deploy the application I want everyone to see the contents of my Dropbox account only. The problem is I don't understand how I should store the token locally so that if someone decompiles the application he can't use it. I can't use public/private keys because I am not connecting to a server. I read somewhere that I could store the password in an XML file and could password protect it. I am not sure how this would work. Can someone elaborate on how this could work? If there is any other way without too much complexity, please let me know.
1 Answer
If you cannot download anything at runtime, connect to a server, or use encryption, then the token needs to be included in the app. Your option is to make it a little more difficult for the attacker by obfuscating the code.
You could encrypt it using a password, but the password also has to be accessible from code, so the security problem remains.

pedrofb
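The point made in the answer above, as an added example that is not part of the original question or answer: a token encrypted with a password that ships in the app can be recovered using nothing but what the app itself contains. The class name, password, salt and token are constructed values, and plain desktop Java stands in for the Android app.

```java
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;

public class EmbeddedSecretDemo {
    // Everything below would ship inside the APK and is readable after decompilation.
    static final char[] PASSWORD = "constructed-password".toCharArray(); // constructed value
    static final byte[] SALT = "constructed-salt".getBytes(StandardCharsets.UTF_8);

    static SecretKey deriveKey() throws Exception {
        PBEKeySpec spec = new PBEKeySpec(PASSWORD, SALT, 100_000, 256);
        byte[] raw = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        return new SecretKeySpec(raw, "AES");
    }

    // Build step: produces the blob the developer would store in an XML resource.
    static String protect(String token) throws Exception {
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, deriveKey(), new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(token.getBytes(StandardCharsets.UTF_8));
        byte[] blob = new byte[iv.length + ct.length];
        System.arraycopy(iv, 0, blob, 0, iv.length);
        System.arraycopy(ct, 0, blob, iv.length, ct.length);
        return Base64.getEncoder().encodeToString(blob);
    }

    // Runtime step in the app. It needs only the blob plus the constants above,
    // so anyone holding the APK can run the same code.
    static String recover(String stored) throws Exception {
        byte[] blob = Base64.getDecoder().decode(stored);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, deriveKey(), new GCMParameterSpec(128, blob, 0, 12));
        return new String(c.doFinal(blob, 12, blob.length - 12), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        String stored = protect("constructed-token-value"); // placeholder, not a real token
        System.out.println("stored blob:     " + stored);
        System.out.println("recovered token: " + recover(stored));
    }
}
```

The cipher here is sound; the weakness is that `recover` has no input the app's holder lacks, which is why the answer treats this as obfuscation rather than protection.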