Where to store sensitive global information such as API keys in Android application?

Question

I need to store some sensitive information in an Android application. If I put it in a resource file, it appears that it is trivial for another app to be able to browse and

Answer 1

Your APK will be retrieved from the device and torn apart anyway. (After all, some devices are rooted.) Whatever you hardcode there, no matter where, will be found and extracted. Of course, if the potential gain substantiates the effort. Otherwise, security by obscurity, such as obfuscation, may be the way to go.

Handling real secrets should be based on some sort of input, notably passwords.

Happily, API keys, if used as they are supposed to, are not necessarily a real secret.