How to save secret key securely in android

借酒劲吻你 2021-02-05 10:38

I just read this article http://android-developers.blogspot.in/2013/02/using-cryptography-to-store-credentials.html where I learnt to generate a security key.

I want to kn

5 answers
  •  天涯浪人
    2021-02-05 11:11

    If Android is rooted, there is no way to secure anything, so you had better look for architectural changes in your application.


    Example : WhatsApp

    Upon installation, WhatsApp creates a user account using one’s phone number as the username (Jabber ID: [phone number]@s.whatsapp.net). A password is generated using an unknown algorithm on the server end and sent to the client.

    But if the phone is rooted, you can easily extract this password, as mentioned here.

    WhatsApp uses End-to-End Encryption; it stores all its data in encrypted form in internal storage.


    Example : Snapchat

    Snapchat has stated that Snapchatters using a Rooted Android device will be blocked from logging in.


    Suggestion

    What you can do is use a mixture of the techniques of both giant applications, WhatsApp and Snapchat, i.e.:

    • Block the phones that are rooted
    • Make sure to make the password "User-Specific" (every user has its own key) rather than "App-specific" (the same on all devices)
    • Save the password on the server, and fetch it on every start of the application (validate and delete, do not store)
    • Make sure all your data is in encrypted form
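
A sketch of the last three suggestions in the answer above (user-specific key, fetched on every start and never stored, local data kept encrypted), added here as an example and not code from the answer or from either app. The `KeyFetcher` interface, the `SessionKey` class, the user id and the assumption that the server returns a raw 256-bit AES key are all hypothetical.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/** Holds a user-specific key in memory only; nothing is written to disk. */
public final class SessionKey implements AutoCloseable {
    /** Hypothetical server call; assumed to run over an authenticated TLS session. */
    public interface KeyFetcher { byte[] fetchKeyFor(String userId) throws Exception; }
    private static final int IV_LEN = 12, TAG_BITS = 128;
    private final byte[] key;
    private final SecureRandom rng = new SecureRandom();

    /** Fetch the key at start-up and validate it before any use. */
    public SessionKey(KeyFetcher server, String userId) throws Exception {
        byte[] k = server.fetchKeyFor(userId);
        if (k == null || k.length != 32) throw new IllegalStateException("expected 256-bit key");
        key = k;
    }

    /** AES-256-GCM with a fresh random IV; returns IV || ciphertext+tag. */
    public byte[] encrypt(byte[] plain) throws Exception {
        byte[] iv = new byte[IV_LEN];
        rng.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal(plain);
        return ByteBuffer.allocate(IV_LEN + ct.length).put(iv).put(ct).array();
    }

    /** Throws AEADBadTagException if the blob was modified or the key is wrong. */
    public byte[] decrypt(byte[] blob) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(TAG_BITS, blob, 0, IV_LEN));
        return c.doFinal(blob, IV_LEN, blob.length - IV_LEN);
    }

    /** Best-effort wipe of our copy of the key when the session ends. */
    @Override public void close() { Arrays.fill(key, (byte) 0); }

    public static void main(String[] args) throws Exception {
        byte[] constructed = new byte[32];  // constructed sample key standing in for the server reply
        new SecureRandom().nextBytes(constructed);
        try (SessionKey s = new SessionKey(id -> constructed, "user-123")) {
            byte[] blob = s.encrypt("local note".getBytes(StandardCharsets.UTF_8));
            System.out.println(new String(s.decrypt(blob), StandardCharsets.UTF_8));
        }
    }
}
```

The key exists only for the lifetime of the `SessionKey` object, so an offline copy of the device storage contains ciphertext but no key; a process running as root on a live device can still read it from memory, which is the limit the answer describes.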
