After decompile the apk BuildConfig.java file values are accessible

Asked Jul 04 '22 at 14:25

Active Jul 04 '22 at 14:25

Viewed 364 times

I have created .env file in react native and from native side i'm able access the BuildConfig.KEY_NAME in MainApplication.java file But security team hS decompiled the app/APK using MobSF and can able to access the all keys from the BuildConfig.Java source file. How do we hide the values in BuildConfig file and how can we prevent accessing the BuildConfig.java file I have added proguard rules and minifyEnabled true.

  buildTypes {
    debug {
        signingConfig signingConfigs.debug
    }
    release {
        
        // see https://reactnative.dev/docs/signed-apk-android.
        signingConfig signingConfigs.release
        minifyEnabled enableProguardInReleaseBuilds
        proguardFiles getDefaultProguardFile("proguard-android.txt"), 
        "proguard-rules.pro"
    }
}

Did all the possible way But no luck yet. Could any body help me on this ?

My manager said don't use the NKD implementation using c/c++ approach Any help much appreciated

asked Jul 04 '22 at 14:25

Mallikarjun Hampannavar

`BuildConfig.*` fields are not encrypted, you need to implement your own logic for encryption & decryption of important keys. – Darshan Jul 04 '22 at 14:34
How do we implement @DarShan.. Can you please let me know if you know – Mallikarjun Hampannavar Jul 04 '22 at 14:37

After decompile the apk BuildConfig.java file values are accessible

0 Answers0