I working on payment library and i need to be sure is requests are from my library or not
i want to know can i generate a sign(or something that is secure and unique) for my library just like apk files?
any help would be appreciated.
Asked
Active
Viewed 1,064 times
2
Milad Bahmanabadi
- 946
- 11
- 27
-
since it won't be a standalone file in the app that uses it, but will be just merged into classes.dex, etc. it makes no sense to sign it, as you won't be able to check that signature – Vladyslav Matviienko Dec 12 '18 at 06:55
-
Is there any way to create something like sign for my library? No one should access that code, except the back-end to recognize the library – Milad Bahmanabadi Dec 12 '18 at 07:09
-
it is likely impossible to protect it. You may add something that will slow-down the reverse-engineering process (like obfuscation), but you can't prevent it. If you need it max security - move everything secret to the backend. Also it is much safe if you distribute your lib as native lib (`.so`) for example. But you will have to rewrite it with NDK. – Vladyslav Matviienko Dec 12 '18 at 07:40
1 Answers
1
Yes, you can
Sign your application and lib modue .aar will sign automatically.
For more details - How to sign AAR Artifacts in Android?
Yogesh Rathi
- 6,331
- 4
- 51
- 81
-
Thanks, but this Library will be used in many apps(not in my app), I need something unique and secure just for my library – Milad Bahmanabadi Dec 12 '18 at 07:03
-
1Then you can create one api from your library, send the package details, is eveything is good then accept as aar. – Yogesh Rathi Dec 12 '18 at 09:09
-
@Milad Have you managed to find a way to prevent your AAR from tampering? I'm also looking for similar approach. – MohanRaj Feb 28 '20 at 07:00