Android 中的资产安全 [英] Assets Security in Android
问题描述
我们如何使 Android 资产安全,以便在应用部署后无人可以读取它们?
没有什么可以阻止坚定的攻击者阅读它们.
使用您自己的应用程序级加密至少会使问题成为您的应用程序独有的问题,但仍然有人可以对您的应用程序进行代码分析以找出如何解密它们.
该平台有限的复制保护机制较弱,因为对于所有应用程序(例如通过生根手机),它们只需被击败一次.
平台功能使用的资产也容易受到配置为转储其副本的修改平台的攻击.</p>
如果您愿意,可以轻松地阻止不熟练的用户随意复制,同时节省您的时间和精力用于您可以真正获胜的战斗,例如应用程序的质量.
How can we make Android assets secure so that no one can read them after app deployment?
There is nothing you can do that will stop a determined attacker from reading them.
Using your own application level encryption would at least make the problem unique to your application, but someone could still do code analysis of your app to figure out how to decrypt them.
The platform's limited copy protection mechanisms are weaker, because they only have to be defeated once for all applications (such as by rooting the phone).
Assets utilized by platform functionality would also vulnerable to a modified platform configured to dump out copies of them.
Do what is easy to stop casual copying by unsophisticated users if you like, but then save your time and energy for battles you can actually win, such as the quality of your application.
这篇关于Android 中的资产安全的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
