提示和技巧来隐藏应用程序中的保密字符串 [英] Tips and tricks to hide secret string within application
问题描述
有对苏中,开发者询问如何保护放置在code秘密字符串或资源不被逆向工程了很多问题。例如<一个href=\"http://stackoverflow.com/questions/12465328/where-to-store-sensitive-global-information-such-as-api-keys-in-android-applicat\">this, 这或<一个href=\"http://stackoverflow.com/questions/15800755/how-to-secure-secret-string-in-android-app\">this.
There are a lot of questions on SO in which developers are asking about how to protect secret strings placed in code or resources against reverse engineering. For example this, this or this.
我要找出最佳做法,躲在这样那样的信息(例如你好,世界安全!字符串)。目标是要以某种方式处理它并将其包含到应用程序
I want to find out the best practices in hiding such kind of information(for example "Hello, secured world!" string). The goal is to process it somehow and include it into an application.
例如。分割字符串,在纯Java,混淆技巧,优势使用本地的(C)code。
E.g. splitting strings, tricks in pure Java, obfuscation, advantages of using native (C) code.
P.S。我知道我不能提供绝对的保障,但我想,以获取安全的信息尽可能的困难。
P.S. I know what i can't provide an absolute protection, but i want to make retrieving secure information as difficult as possible.
PPS当然,将数据保存在保密的最好办法不是将它们存储在设备上是使用谈判令牌提供接入的的雷托迈耶写道。这是关于授权。
P.P.S Of course the best way to keep data in secret is not to store them on the device is to use a negotiated token for providing access as Reto Meier wrote. It is regarding to authorization.
推荐答案
如果有人试图反向工程被读取一些code混淆器可以以prevent加密它们在源$ C $ C字符串您的应用程序。
Some code obfuscators can encrypt strings in your source code in order to prevent them to be read if someone tries to reverse engineer your app.
下面是一些模糊处理:
- Allatori
- DashO
- DexGuard
- Stringer
但是,最好的解决方案仍然不存储在用户的设备上的敏感的内容
But the best solution remains not to store sensitive data on the user's device.
这篇关于提示和技巧来隐藏应用程序中的保密字符串的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
