The file values.xml under the folder res(generated)/values. This file contains the firebase database URL, google API key etc information. Will it cause any security issue to the app? Can anybody access the firebase database using these values by decompiling the apk? If yes, how can I encrypt it? I tried implementing encryption but problem unable to access values inside. Getting error cannot resolve symbol raw. This is what I tried. Any help?
public static String encrypt(String value) {
try {
IvParameterSpec iv = new IvParameterSpec(INIT_VECTOR.getBytes("UTF-8"));
SecretKeySpec skeySpec = new SecretKeySpec(SECRET_KEY.getBytes("UTF-8"), "AES");
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING");
cipher.init(Cipher.ENCRYPT_MODE, skeySpec, iv);
byte[] encrypted = cipher.doFinal(value.getBytes());
return Base64.encodeToString(encrypted, Base64.DEFAULT);
} catch (Exception ex) {
ex.printStackTrace();
}
return null;
}
public static String decrypt(String value) {
try {
IvParameterSpec iv = new IvParameterSpec(INIT_VECTOR.getBytes("UTF-8"));
SecretKeySpec skeySpec = new SecretKeySpec(SECRET_KEY.getBytes("UTF-8"), "AES");
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING");
cipher.init(Cipher.DECRYPT_MODE, skeySpec, iv);
byte[] original = cipher.doFinal(Base64.decode(value, Base64.DEFAULT));
return new String(original);
} catch (Exception ex) {
ex.printStackTrace();
}
return null;
}
//encryption
String textForEncryption = String.valueOf(getResources().openRawResource(R.raw.google_api_key));
String encryptedString;
encryptedString = encrypt(textForEncryption);
System.out.println("textForEncryption: " +textForEncryption);
System.out.println("encryptedString: " +encryptedString);
